Search the Community

The Microsoft Windows kernel suffers from a null pointer dereference vulnerability in nt!MiOffsetToProtos while parsing a malformed PE file. View the full article

The Microsoft Font Subsetting DLL (fontsub.dll) is a default Windows helper library for subsetting TTF fonts. It has an issue where it returns a dangling pointer via MergeFontPackage. View the full article

Microsoft DirectWrite / AFDKO suffers from a NULL pointer dereferences vulnerability in OpenType font handling while accessing empty dynarrays. View the full article

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10. View the full article

XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach. View the full article

Netwide Assembler (NASM) version 2.14rc15 null pointer dereference proof of concept exploit. View the full article

Linux Kernel version 4.4 (Ubuntu 16.04) suffers from a snd_timer_user_ccallback() kernel pointer leak vulnerability. View the full article

Linux kernel version 4.13 suffers from a compat_get_timex() kernel pointer leak vulnerability. View the full article

NTPsec version 1.1.2 suffer from a null pointer dereference vulnerability in ntp_control. View the full article

Microsoft Edge version 44.17763.1.0 suffers from a null pointer dereference vulnerability. View the full article

Linux Kernel version 4.8 on Ubuntu 16.04 suffers from an sctp kernel pointer leak vulnerability. View the full article

Microsoft Internet Explorer 11 suffers from a null pointer dereference vulnerability in Tree::Notify_InvalidateDisplay. View the full article

This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64. View the full article

Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF. View the full article