35 matches found
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product...
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code...
GSD-2022-1002270 mm/kmemleak: reset tag when compare object pointer
mm/kmemleak: reset tag when compare object pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit...
GSD-2022-1001908 mm/kmemleak: reset tag when compare object pointer
mm/kmemleak: reset tag when compare object pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
GSD-2022-1001603 mm/kmemleak: reset tag when compare object pointer
mm/kmemleak: reset tag when compare object pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001298 mm/kmemleak: reset tag when compare object pointer
mm/kmemleak: reset tag when compare object pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
CVE-2020-12982
An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service...
CVE-2020-12982
CVE-2020-12982 is an issue in the AMD Graphics Driver for Windows 10 describing an invalid object pointer free vulnerability that could lead to privilege escalation or denial of service . The AMD security bulletin AMD-SB-1000 attributes this CVE to the AMD graphics stack and lists mitigations: Ra...
Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing the JS stack as well as a few other hardcoded objects, traversing reachable...
Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=782 AppleGraphicsDeviceControlClient doesn't check that its pointer to its IOService at this+0xd8 is non-null before using it in all external methods. We can set this pointer to NULL by racing two threads, one of which calls...
Apple Mac OSX - Kernel OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Typ
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=774 The IOHIDFamily function IOHIDDevice::handleReportWithTime takes at attacker controlled unchecked IOHIDReportType enum, which was cast from an int in either...
Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array ind...
Apple Mac OSX - Kernel Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=709 nvDevice::ReleaseDeviceTexture is external method 0x10a of userclient 5 of the geforce IOAccelerator. It takes a single uint argument text:000000000001BCD2 mov r14d, esi...
Apple Mac OSX Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=709 nvDevice::ReleaseDeviceTexture is external method 0x10a of userclient 5 of the geforce IOAccelerator. It takes a single uint argument text:000000000001BCD2 mov r14d, esi ... text:000000000001BD08 and r14d, 7FFFFFFFh -- clear...
Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object without checking the bounds then calls a virtual method...
Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object withou...
Microsoft Windows VBScript Filter Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code in applications using the VBScript scripting language running on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability i...
Microsoft Office 2007 - OneTableDocumentStream Invalid Object
Microsoft Office 2007 - OneTableDocumentStream Invalid Object Source: https://code.google.com/p/google-security-research/issues/detail?id=171&can=1 The following access violation was observed in Microsoft Office 2007 Word document: 8c0.e68: Access violation - code c0000005 first chance First chan...
CVE-2011-1982
Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."...
CVE-2011-1982
CVE-2011-1982 describes an uninitialized object pointer vulnerability in Microsoft Office (notably Office 2007 SP2, and Office 2010 Gold/SP1) that can allow remote code execution when opening Word documents via a crafted file. The underlying issue is an uninitialized pointer in MSO.dll triggered ...