
9 matches found

Code423n4
added 2022/03/30 12:0 a.m. | 12 views

[WP-M9] sendNative with CBridge will always revert

Lines of code Vulnerability details function startBridgeCBridgeData memory cBridgeData internal Storage storage s = getStorage; address bridge = bridge; // Do CBridge stuff requires.cBridgeChainId != cBridgeData.dstChainId, "Cannot bridge to the same network."; if...

AI score 6.8 | Exploits 0

Exploit DB
added 2017/10/06 12:0 a.m. | 82 views

Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow

Sources: https://siberas.de/blog/2017/10/05/exploitationcasestudywildpooloverflowCVE-2016-3309reloaded.html https://github.com/siberas/CVE-2016-3309Reloaded Exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on...

CVSS 7.8 | AI score 7.8 | EPSS 0.43241 | Exploits 8

0day.today
added 2017/05/16 12:0 a.m. | 120 views

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint...

CVSS 2.1 | AI score 5.7 | EPSS 0.04052 | Exploits 3

Exploit DB
added 2017/05/15 12:0 a.m. | 56 views

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the...

AI score 7.4 | Exploits 0

exploitpack
added 2017/05/15 12:0 a.m. | 24 views

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys tcpip.sys

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind Implementation Bugs in afd.sys tcpip.sys Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind socket function,...

AI score 7.3 | Exploits 0

Exploit DB
added 2016/03/14 12:0 a.m. | 32 views

Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026)

Source: https://code.google.com/p/google-security-research/issues/detail?id=683 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N bytes of memory was allocated and more than N bytes...

AI score 7 | Exploits 0

0day.today
added 2016/03/14 12:0 a.m. | 38 views

Microsoft Windows - Kernel ATMFD.dll OTF Font Processing Pool-Based Buffer Overflow (MS16-026)

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=683 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N...

CVSS 9.3 | AI score 8.6 | EPSS 0.4724 | Exploits 1

seebug.org
added 2015/09/25 12:0 a.m. | 22 views

Windows win32k.sys TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=368&can=1 We have encountered a number of Windows kernel crashes in the win32k!itrpIUP function, a handler of the IUP TTF program instruction, while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA ...

AI score 8 | Exploits 0

Exploit DB
added 2015/08/21 12:0 a.m. | 45 views

Microsoft Windows - 'win32k.sys' TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=368&can=1 We have encountered a number of Windows kernel crashes in the win32k!itrpIUP function, a handler of the IUP TTF program instruction, while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA ...

AI score 7.4 | Exploits 0