492 matches found
Microsoft VBScript rtFilter Out-Of-Bounds Read
vbscript: out-of-bounds read in rtFilter CVE-2018-8552 There is an out-of-bounds vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. PoC: Note that Page Heap might need to be enabled to observe the crash...
CVE-2018-16095
In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...
CVE-2018-16095
In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...
Authentication flaw
In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...
CVE-2018-16095 System Management Module Vulnerabilities
In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...
CVE-2018-16095
CVE-2018-16095 affects Lenovo System Management Module (SMM) firmware prior to 1.06. When authentication fails, the SMM records hashed passwords to a debug log, potentially exposing credentials. Impact is credential exposure within the SMM environment as described by Lenovo’s vulnerability notes....
CVE-2017-18140
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD...
CVE-2017-18140
CVE-2017-18140 affects Android on Qualcomm Snapdragon Automotive/Mobile/Wear platforms. The issue occurs when processing a call disconnection; an attempt to print the RIL token-id to the debug log can lead to a Use After Free condition if eMBMS is enabled, potentially enabling a network-initiated...
IE11: Use-after-free in String.lastIndexOf(CVE-2018-0866)
There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. PoC: var vars = new Array2; function main vars0 = new Array1000000; vars1 =...
IE11: Use-after-free in Js::RegexHelper::RegexReplace(CVE-2018-0866)
There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. Note that the PoC was tested in a 64-bit tab process via TabProcGrowth=0 registry flag and the pag...
Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free
IE11: Use-after-free in Js::RegexHelper::RegexReplace CVE-2018-0866 There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. Note that the PoC was tested i...
Windows: Uninitialized variable in jscript!JsArraySlice(CVE-2017-11855)
There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in Internet Explorer. - currently untested An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy...
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read Exploit
Exploit for windows platform in category dos / poc Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash:...
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit
There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors. Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a...
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD var s = 'a'; forvar i=0;i...
Windows jscript!NameTbl::GetValDef Use-After-Free
Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery...
Microsoft Edge 38.14393.1066.0 - COptionsCollectionCacheItem::GetAt Out-of-Bounds Read
Microsoft Edge 38.14393.1066.0 - COptionsCollectionCacheItem::GetAt Out-of-Bounds Read function go select1.multiple = false; var optgroup = document.createElement"optgroup"; select1.addoptgroup; var options = select1.options; select2 = document.createElement"select";...
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the serv...
Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read
Microsoft Edge: out-of-bounds read in COptionsCollectionCacheItem::GetAt CVE-2017-8734 There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 Microsoft EdgeHTML...
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is...