4 matches found
Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator APIs and is exposed to remote attackers by default in all recent versions of Windows. I asked Microsoft if...
Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator APIs and is exposed to remote attacker...
Phabricator: Information leakage through Graphviz blocks
This report amounts to Unsandboxed Command Execution Considered Harmful, which you already suspected: https://secure.phabricator.com/T7785 Graphviz blocks can be used to view a render of any image file readable by the webserver, through the image and shapefile graph node attributes. This alone...
Vimeo: XSS on any site that includes the moogaloop flash player | deprecated embed code
The moogaloop flash player includes in most cases http://f.vimeocdn.com/p/flash/moogaloop/6.0.30/controllers/videoControllerProgressive.swf. In that flash file we can find functionality that looks into the SharedObject "com.conviva.livePass" for recently loaded swf-URLs under the key "lastSwfUrls...