31 matches found
CVE-2023-26356
Adobe Dimension versions 3.4.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...
CVE-2022-28248
Acrobat Reader DC version 22.001.2011x and earlier, 20.005.3033x and earlier and 17.012.3022x and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...
PT-2022-7068 · Adobe · Acrobat Reader
Name of the Vulnerable Software and Affected Versions: Acrobat Reader DC versions 17.012.30205 through 22.001.20085; Acrobat Reader DC versions 20.005.3031x and earlier. Description: The issue is related to an out-of-bounds read vulnerability when parsing a crafted file, which could result in a rea...
CVE-2021-1087
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x...
CVE-2018-0972
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server...
CVE-2016-5329
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors...
The vulnerability in the Internet Explorer browser allows a perpetrator to bypass the ASLR protection mechanism.
The vulnerability of the Internet Explorer browser is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the ASLR protection mechanism by using a specially crafted web page...
MS KB3033408: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
The remote host is missing KB3033408. It is, therefore, affected by a memory leak that can allow bypassing of memory randomization mitigations, aiding in further attacks. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(80948); script_version("1.13");...
Analyzing ASLR in Android Ice Cream Sandwich 4.0
When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see that Google mentioned that “Android 4.0 now provides address space layout randomization”. For the uninitiated, ASLR randomizes where various areas of memory (e.g. stack, heap, libs, etc.) are...
MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
A flaw exists in the way the Microsoft Canonical Display Driver (cdd.dll) parses information copied from user mode to kernel mode. If the Windows Aero theme is enabled, an attacker who tricks a user on the affected host into viewing a specially crafted image using an application that uses the APIs...
Google Researcher Ships Exploit to Defeat ASLR+DEP
A prominent security researcher has released an exploit that uses a new technique to defeat ASLR + DEP on Microsoft’s Windows operating system. The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code...