Analysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC
By Sergi Martinez
In late June, we published a blog post containing analysis of exploitation of a heap-buffer overflow vulnerability in Adobe Reader, a vulnerability that we thought corresponded to...
Exploiting a use-after-free in Windows Common Logging File System (CLFS)
By Arav Garg
Overview: This post analyzes a use-after-free vulnerability in clfs.sys, the kernel driver that implements the Common Logging File System, a general-purpose logging service that can be...
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
By Sergi Martinez
Overview: It’s been a while since our last technical blog post, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux...
Escaping Adobe Sandbox: Exploiting an Integer Overflow in Microsoft Windows...
By Michele Campa
Overview: We describe a method to exploit a Windows N-day vulnerability to escape the Adobe sandbox. This vulnerability is assigned CVE-2021-31199 and it is present in multiple Windows...
Google Chrome V8 ArrayShift Race Condition Remote Code Execution
By Javier Jimenez
Overview: This post describes a method of exploiting a race condition in the V8 JavaScript engine, version 9.1.269.33. The vulnerability affects the following versions of Chrome and...
Shifting boundaries: Exploiting an Integer Overflow in Apple Safari
By Vignesh Rao
Overview: In this blog post, we describe a method to exploit an integer overflow in Apple WebKit due to a vulnerability resulting from incorrect range computations when optimizing...
Safari, Hold Still for NaN Minutes!
By Vignesh Rao and Javier Jimenez
Introduction: In October 2023 Vignesh and Javier presented the discovery of a few bugs affecting JavaScriptCore, the JavaScript engine of Safari. The presentation...
Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution
By Javier Jimenez and Vignesh Rao
Overview: In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched in...
Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu
By Oriol Castejón
Overview: This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December...
Windows Sockets: From Registered I/O to SYSTEM Privileges
By Luca Ginex
Overview: This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows...