Lucene search
K

128 matches found

exploitpack
exploitpack
added 2017/06/22 12:0 a.m.26 views

Microsoft Windows - nt!NtQueryInformationProcess (ProcessVmCounters) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationProcess ProcessVmCounters Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1190&desc=2 We have discovered that the nt!NtQueryInformationProcess system call called with the ProcessVmCounters information clas...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/06/21 12:0 a.m.21 views

Microsoft Windows - IOCTL_DISK_GET_DRIVE_GEOMETRY_EX Kernel partmgr Pool Memory Disclosure

Microsoft Windows - IOCTLDISKGETDRIVEGEOMETRYEX Kernel partmgr Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1156&desc=2 We have discovered that the handler of the IOCTLDISKGETDRIVEGEOMETRYEX IOCTL in partmgr.sys discloses portions of uninitialized poo...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/06/21 12:0 a.m.60 views

Microsoft Windows - nt!NtQueryVolumeInformationFile (FileFsVolumeInformation) Kernel Pool Memory Dis

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1166 We have discovered that the nt!NtQueryVolumeInformationFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignme...

1.9CVSS6.1AI score0.03713EPSS
Exploits2
0day.today
0day.today
added 2017/06/21 12:0 a.m.81 views

Microsoft Windows - nt!NtNotifyChangeDirectoryFile Kernel Pool Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1169 We have discovered that the nt!NtNotifyChangeDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignmen...

1.9CVSS6.1AI score0.0479EPSS
Exploits2
exploitpack
exploitpack
added 2017/06/21 12:0 a.m.20 views

Microsoft Windows - nt!NtNotifyChangeDirectoryFile Kernel Pool Memory Disclosure

Microsoft Windows - nt!NtNotifyChangeDirectoryFile Kernel Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1169 We have discovered that the nt!NtNotifyChangeDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients, du...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/06/21 12:0 a.m.17 views

Microsoft Windows - IOCTL_DISK_GET_DRIVE_LAYOUT_EX Kernel partmgr Pool Memory Disclosure

Microsoft Windows - IOCTLDISKGETDRIVELAYOUTEX Kernel partmgr Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1159 We have discovered that the handler of the IOCTLDISKGETDRIVELAYOUTEX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/21 12:0 a.m.46 views

Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1159 We have discovered that the handler of the IOCTLDISKGETDRIVELAYOUTEX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to user-mode clients. The issue can be reproduced by running the attached...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/21 12:0 a.m.26 views

Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_GEOMETRY_EX' Kernel partmgr Pool Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1156&desc=2 We have discovered that the handler of the IOCTLDISKGETDRIVEGEOMETRYEX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2017/05/26 12:0 p.m.64 views

Mark Dowd on Exploit Mitigation Development

Mark Dowd, fresh off his 2017 Security Analyst Summit keynote, discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers...

9.3CVSS4AI score0.99945EPSS
Exploits33References1
0day.today
0day.today
added 2017/05/16 12:0 a.m.94 views

Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure Explo

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1161 We have discovered that the handler of the nt!NtTraceControl system call specifically the EtwpSetProviderTraitsUm functionality, opcode 0x1E discloses portions of...

1.9CVSS6.2AI score0.09659EPSS
Exploits1
Exploit DB
Exploit DB
added 2017/05/15 12:0 a.m.37 views

Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1145 We have observed on Windows 7 32-bit that for unclear reasons, the kernel-mode structure containing the default DACL of system processes' tokens lsass.exe, services.exe, ... has 8 uninitialized bytes at the end, as the size ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/15 12:0 a.m.28 views

Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1161 We have discovered that the handler of the nt!NtTraceControl system call specifically the EtwpSetProviderTraitsUm functionality, opcode 0x1E discloses portions of uninitialized pool memory to user-mode clients on Windows 10...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2017/04/27 10:2 a.m.15 views

New COOP Attack Method Highlights Weaknesses In Microsoft's CFG Defenses

Researchers at Endgame have been evaluating an exploitation technique called Counterfeit Object-Oriented Programming COOP to bypass Control Flow Integrity CFI implementations such as that used by Microsoft to harden the defenses of Windows 10. Microsoft added its mitigation, called Control Flow...

0.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2016/05/16 11:37 a.m.10 views

Chrome Defaults to HTML5 over Adobe Flash Starting in Q4

As zero days in Adobe Flash Player continue to bubble to the surface, major technology players are announcing their plans to shove the maligned software aside in favor of HTML5. Google is the latest, announcing recently that by Q4 of this year, HTML5 would be the default in the Chrome browser,...

7.4AI score
Exploits0References3
FireEye
FireEye
added 2016/04/07 8:30 a.m.272 views

CVE-2016-1019: A New Flash Exploit Included in Magnitude Exploit Kit

On April 2, security researcher @Kafeine at Proofpoint discovered a change to the Magnitude Exploit Kit. Thanks to their collaboration, we analyzed the sample and discovered that Magnitude EK was exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-1019. The in-the-wild...

10CVSS0.2AI score0.44537EPSS
Exploits1
GoogleProjectZero
GoogleProjectZero
added 2015/09/14 12:0 a.m.63 views

Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure

Posted by Mateusz Jurczyk of Google Project Zero In the previous series of posts parts 1 2 3 4, we discussed the exploitation process of a serious “blend” vulnerability CVE-2015-0093 / CVE-2015-3052, which was special in that it provided the attacker with an extremely powerful primitive arbitrary...

10CVSS8AI score0.2121EPSS
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2015/07/16 12:0 a.m.27 views

Significant Flash exploit mitigations are live in v18.0.0.209

Posted by Mark Brand and Chris Evans, isolators of heaps Whilst Project Zero has gained a reputation for vulnerability and exploitation research, that's not all that we do. One of the main reasons we perform this research is to provide data to defenders; and one of the things that defenders can d...

10CVSS9.1AI score0.93688EPSS
Exploits12
0day.today
0day.today
added 2015/06/23 12:0 a.m.106 views

CUPS 2.0.3 - Multiple Vulnerabilities

Exploit for multiple platform in category remote exploits Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subse...

10CVSS8.2AI score0.29913EPSS
Exploits9
Packet Storm
Packet Storm
added 2015/06/22 12:0 a.m.64 views

CUPS XSS / String Handling / Improper Teardown

Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs become unexploitable, and others become...

10CVSS0.2AI score0.29913EPSS
Exploits9
exploitpack
exploitpack
added 2015/06/22 12:0 a.m.62 views

CUPS 2.0.3 - Multiple Vulnerabilities

CUPS 2.0.3 - Multiple Vulnerabilities Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs...

10CVSS0.4AI score0.29913EPSS
Exploits9
Rows per page
Query Builder