1995 matches found
Internet Bug Bounty: UAF in xmlparser_setevents (1)
https://bugs.python.org/issue24103...
Race condition
Race condition in the Pragmatic General Multicast PGM protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gai...
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts MS15-097 Source: https://code.google.com/p/google-security-research/issues/detail?id=433 --- The attached PoC demonstrates a UAF condition with printer device contexts. The PoC will trigger on Win 7 32-bit with Special Pool...
Adobe Flash AS2 - Color.setRGB Use-After-Free
Adobe Flash AS2 - Color.setRGB Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=367&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for Chromium VRP bug https://code.google.com/p/chromium/issues/detail?id=484610...
Adobe Flash AS2 - Color.setRGB Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=367&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for Chromium VRP bug https://code.google.com/p/chromium/issues/detail?id=484610 Credit is to bilou, working with the Chromium...
Technical analysis: Hacking Team Flash 0day brace - vulnerability warning - the black bar safety net
The JIT code is vast; how do we find the code we want to trace? Using the Hacking Team Flash 0day incident, this post walks through the debugging flow and the JIT code in detail, to help some friends follow along and learn better. valueOf is the frequent source of the vulnerability; Adobe has been patching whatever is found missing, and on July 8 only repaired the...
Hacking Team Flash new 0day exploit code analysis - vulnerability warning - the black bar safety net
Early on a weekend morning I saw Knownsec (知道创宇) post on Weibo that the Hacking Team leak contained a new Flash 0day that still worked in current versions. So the author downloaded a copy of the exploit code and tested it; it indeed works on the latest available version, and Adobe has currently not officially...
Adobe Flash ActionScript ByteArray Buffer UAF Code Execution
Vulcan analyzed it immediately; the following explanation is based on that report [1]. The vulnerability arises from improper use of the buffer while the valueOf function is called when a Clasz-type object is assigned to a ByteArray, which produces a Use After Free. for (var i:int; i < alen; i += 3) { a[i] = new Class2(i); a[i+1] = new ByteArray(); // a ByteArray object is created here a[i+1].length = 0xfa0; // the initial length of the ByteArray is set to 0xfa0 here // after entering Adobe Flash Player...
Adobe Flash Player Convolution Filter UAF Command Execution
This vulnerability has a cause similar to the Flash ByteArray one: both trigger a UAF leading to command execution by invoking Clasz.valueOf on an argument. Vulcan analyzed it immediately; the explanation is based on that report [1]: // try to allocate two sequential pages of memory: matrix MyClass2 for (i = 20; i < alen; i += 6) { a[i] = new Class2(i); for (j = i+1; j < i+5; j++) a[j] = new ConvolutionFilter(14, 15); // the ConvolutionFilter is created here a[i+5] = new...
Microsoft refused to fix the 32-bit IE vulnerability; the reason given is that 32-bit programs are to be phased out - vulnerability warning - the black bar safety net
HP security expert Dustin Childs recently disclosed an IE vulnerability that affects millions of 32-bit Windows systems. Looks pretty serious, doesn't it? However, Microsoft does not seem to intend to fix this vulnerability...... This is an ASLR (address space layout randomization)-based...
OpenLitespeed 1.3.9 - Use After Free (DoS)
Exploit for the Linux platform in category dos / poc / OpenLiteSpeed 1.3.9 Use After Free denial of service exploit. This exploit triggers a denial of service condition within the OpenLiteSpeed web server. This is achieved by sending a tampered request containing a large number (91) of 'a: a' header rows...
Flash CVE-2015-0313 analysis - vulnerability warning - the black bar safety net
On February 2 this year, Trend Micro found the Flash 1day CVE-2015-0313. Like the earlier-analyzed CVE-2015-0311, it is a UAF-type vulnerability. Memory referenced by domainMemory is freed, so that reading and writing that memory can be used to execute arbitrary instructions. The...
IE vulnerability debugging for CVE-2013-3893 - vulnerability warning - the black bar safety net
Introduction: In Windows platform vulnerability discovery and security research, IE is a topic that can never be avoided. IE vulnerabilities, like the Adobe series, are classics for learning exploitation and shellcode. Among IE vulnerabilities, the UAF (Use-After-Free) is the mo...
MS15-061 Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
No description provided by source. Exploiting MS15-061 by reverse engineering win32k.sys, in steps: 1: hook the PEB callback function; 2: trigger the vulnerability, constructing a proper window that leads to the vulnerable function; 3: replace the fake object with NtUserDefSetText in the desktop heap inside the PEB...
webkit innerHTML UAF PoC ( CVE-2010-0049)
No description provided by source. PoC of a Safari vuln: use Apple Safari to open the HTML file http://www.team509.com/s6.html. I used 4.0.3531.9.1 on Windows XP SP3; Safari will execute calc.exe with DEP disabled. And on Windows we use Chrome 2.0.172.39 to analyze it, because on Windows Safari has not...