Hi! A few BPF verifier bugs in the Linux kernel, most of which can be used for controlled memory corruption, have been fixed over the last few days. One of the bugs was introduced in 4.9, the others were only introduced in 4.14. The fixes are in the net
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race condition in the implementation of the NtQueryVirtualMemory system
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def in
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in the jscript.dll library (used in IE, WPAD and other places). PoC for IE (note: page heap might be required to observe the crash): ==============
Windows: heap overflow in jscript.dll in Array.sort CVE-2017-11907 There is a heap overflow vulnerability in the jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort. PoC
IE11: use-after-free in jscript!JSONStringifyObject CVE-2017-11793 There is a use-after-free in the jscript.dll library that can be exploited in IE11. PoC: ========================================= <!-- saved from url=(0014)about:internet --><meta http-equiv=X
Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this iss
Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacke
Windows: Uninitialized variable in jscript!JsArraySlice CVE-2017-11855 There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in Internet
''' There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for oth
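As an added illustration of the sanitization gap described in the Outlook for Android entry above (example code written for this page, not the app's or Microsoft's code): the naive join of an untrusted attachment filename onto the download directory, next to a hardened version that reduces the name to a basename and then verifies the fully resolved target still lies under that directory. The download directory path and the sample attachment names are constructed for the demonstration; an Android implementation would apply the same checks with File.getCanonicalPath().

```python
import os

# Constructed sample attachment names, as an untrusted mail server could
# supply them in a MIME header (assumption: illustrative, not taken from
# the advisory).
SAMPLE_NAMES = [
    "report.pdf",                    # benign
    "../../shared_prefs/evil.xml",   # classic traversal
    "/data/local/tmp/evil",          # absolute path
    "..",                            # bare parent reference
    "a\x00b.txt",                    # NUL byte
]


def vulnerable_download_path(download_dir, name):
    """The pattern the advisory describes: the attachment filename is joined
    onto the download directory with no sanitization. A name containing
    '../' walks out of the directory, and an absolute name replaces it
    entirely, because os.path.join discards the left side when the right
    side is absolute."""
    return os.path.join(download_dir, name)


def safe_attachment_name(name):
    """Reduce an untrusted attachment name to a plain basename, or return
    None when nothing usable remains. Both '/' and '\\' are treated as
    separators because the name comes from a header the app does not
    control, regardless of the platform it runs on."""
    if not name or "\x00" in name:
        return None
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", ".."):
        return None
    return base


def resolve_download_path(download_dir, name):
    """Hardened form: sanitize the name, then verify that the resolved
    target (symlinks and '..' collapsed) is still inside the download
    directory. Returns the absolute path, or None when the name is
    rejected. The containment check is defense in depth against a
    symlink planted inside the download directory."""
    base = safe_attachment_name(name)
    if base is None:
        return None
    root = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(root, base))
    # commonpath compares whole path components, so a sibling directory
    # such as 'Download_evil' does not match 'Download'.
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def compare(download_dir, names):
    """Return {name: (normalized naive path, hardened path or None)} so the
    effect of each untrusted name can be seen side by side."""
    return {
        n: (os.path.normpath(vulnerable_download_path(download_dir, n)),
            resolve_download_path(download_dir, n))
        for n in names
    }


if __name__ == "__main__":
    # Assumed download directory; only the string matters for this demo.
    for name, (naive, hardened) in compare("/sdcard/Download", SAMPLE_NAMES).items():
        print(f"{name!r:32} naive={naive!r:40} hardened={hardened!r}")
```

Note that the naive form does not merely allow an extra path component: with an absolute attachment name the download directory is dropped altogether, which is why the hardened form never passes the raw name to a path join and checks the realpath result rather than the string it built.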