October 15, 2019-KB4519562 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 and Windows Server 2016

October 15, 2019-KB4519562 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 and Windows Server 2016 Release Date: October 15, 2019 Version: .NET Framework 4.8 The October 15, 2019 update for Windows 10 Version 1607 and Windows Server 2016 includes cumulative reliability...

From BinDiff to 0day: Internet Explorer UAF vulnerability analysis-vulnerability warning-the black bar safety net

The last 6 months, I to Microsoft the report the IE browser in aUAF（after the release of the reused vulnerability vulnerability is the official positioning of the severity levels, numberedCVE-2019-1208, Microsoft in 9 monthsPatch Tuesdayfixes this vulnerability. I byBinDiff a binary code analysis...

VBScript - VbsErase Reference Leak Use-After-Free Exploit

There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied. Details: VbsErase function is used to reset and free the content...

VBScript - VbsErase Reference Leak Use-After-Free

VBScript - VbsErase Reference Leak Use-After-Free There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied. Details:...

Microsoft Windows SAFEARRAY Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

Intel Content Protection HECI Service - Type Confusion Privilege Escalation Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege Summary: The Intel Content...

Intel Content Protection HECI Service - Type Confusion Privilege Escalation

Intel Content Protection HECI Service - Type Confusion Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege...

Intel Content Protection HECI Service - Type Confusion Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege Summary: The Intel Content Protection HECI Service exposes a DCOM object to all...

Unitronics UniDownloader and Unitronics VisiLogic OPLC IDE IPWorksSSL.HTTPS.1 ActiveX Control PostDataB/FirewallDataB Properties Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics UniDownloader and Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow

This Metasploit module exploits a vulnerability on the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists while the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size...

MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow

This module exploits a vulnerability on the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists while the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size field,...