40 matches found
Hancom Office 2020 Hword HwordApp.dll SectorLoc heap-based buffer overflow
Summary A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this...
Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory
Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory...
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific...
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs...
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specif...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of OpenType fonts. It manifests itself in the form of the following crash with AFL's libdislocator: --- cut --- gdb$ c Continuing...
Oracle Java Runtime Environment - Heap Out-of-Bounds glyph_CloseContour
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyphCloseContour ---------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the...
Microsoft Windows - USP10!NextCharInLiga Uniscribe Font Processing Out-of-Bounds Memory Read
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1202 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!NextCharInLiga function, while trying to display text using a corrupted TTF font file: ---...
Microsoft Windows - USP10!CreateIndexTable Uniscribe Font Processing Out-of-Bounds Memory Read
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1201 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!CreateIndexTable function, while trying to display text using a corrupted TTF font file: -...
Microsoft Windows Graphics Component Information Disclosure Vulnerability(CVE-2017-0288)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlReverseChainingLookup::apply function, while trying to display text using a corrupted TTF font file: --- 678.6c8: Access violation - code c0000005 first chance First chance exceptions are reported before any...
Microsoft Windows Uniscribe Information Disclosure Vulnerability(CVE-2017-0282)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!CreateIndexTable function, while trying to display text using a corrupted TTF font file: --- 5cc.74: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handlin...
Microsoft Windows Graphics Component Information Disclosure Vulnerability(CVE-2017-0286 )
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!NextCharInLiga function, while trying to display text using a corrupted TTF font file: --- 3d4.454: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling...
Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1204 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlValueRecord::adjustPos function, while trying to display text using a corrupted TTF font file: --- 470.4d4: Access violation - code c00000...
Microsoft Windows - USP10!SubstituteNtoM Uniscribe Font Processing Out-of-Bounds Memory Read
Microsoft Windows - USP10!SubstituteNtoM Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1200 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!SubstituteNtoM function, while trying to display...
In-depth analysis of the N. S. A. took 5 years of IIS vulnerability-vulnerability warning-the black bar safety net
Source: Xuanwu lab Author: Ke Liu of Tencent’s Xuanwu Lab The 1. Vulnerability description 1.1 exploit description 2017 3 November 27, from South China University of technology the Zhiniang Peng and Chen Wu in GitHub 1 discloses an IIS 6.0 vulnerability exploit code, and specify its may 2016 7...
Windows Uniscribe heap-based out-of-bounds read in USP10!ScriptApplyLogicalWidth(CVE-2017-0062)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!ScriptApplyLogicalWidth function, while trying to display a malformed EMF file: 920c.9190: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...