Showing results for tags 'use-after-free'.
-
Android suffers from a use-after-free vulnerability in the binder driver at /drivers/android/binder.c.
-
Chrome suffers from a use-after-free vulnerability due to a double call to IndexedDBConnection::Close.
Tagged with: chrome, indexeddbconnection::close (and 1 more)
-
Exploits Chrome ~LevelDBIteratorImpl Use-After-Free
1337day-Exploits posted a topic in Updated Exploits
Chrome suffers from a use-after-free vulnerability in ~LevelDBIteratorImpl.
Tagged with: chrome, ~leveldbiteratorimpl (and 1 more)
-
The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
-
Linux suffers from use-after-free read vulnerabilities in show_numa_stats().
Tagged with: use-after-free, show_numa_stats() (and 1 more)
-
Exploits NSKeyedUnarchiver ObjC Object Use-After-Free
1337day-Exploits posted a topic in Updated Exploits
NSKeyedUnarchiver suffers from a use-after-free vulnerability with ObjC objects when unarchiving OITSUIntDictionary instances even if secureCoding is required.
Tagged with: nskeyedunarchiver, objc (and 2 more)
-
Exploits Google Chrome JS Execution Use-After-Free
1337day-Exploits posted a topic in Updated Exploits
JS execution inside ScriptForbiddenScope can lead to a use-after-free condition in Google Chrome.
-
Linux suffers from a use-after-free via a race condition between modify_ldt() and #BR exception.
-
The Qualcomm Android kernel suffers from a use-after-free vulnerability via an incorrect set_page_dirty() in KGSL.
-
XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.
-
This exploit takes advantage of a use-after-free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from JavaScript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.
Tagged with: chrome, 72.0.3626.119 (and 2 more)
-
Chrome suffers from a use-after-free vulnerability in FileChooserImpl.
Tagged with: chrome, filechooserimpl (and 1 more)
-
This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines in GnuTLS.
Tagged with: gnutls, verify_crt() (and 1 more)
-
Chrome suffers from a use-after-free vulnerability in MidiManagerWin.
Tagged with: chrome, midimanagerwin (and 1 more)
-
Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.
Tagged with: chrome, filesystemoperationrunner (and 1 more)
-
Exploits Chrome PaymentRequest Service Use-After-Free
1337day-Exploits posted a topic in Updated Exploits
Chrome suffers from multiple use-after-free vulnerabilities in the PaymentRequest service.
Tagged with: chrome, paymentrequest (and 2 more)
-
Chrome suffers from a use-after-free vulnerability in FileWriterImpl.
Tagged with: chrome, filewriterimpl (and 1 more)