*TL;DR*
After the 60-day deadline has passed, I am releasing details on an unfixed
use-after-free vulnerability in Chrome's accessibility features, which are
disabled by default. The issue does not look exploitable.
*More details*
http://berendjanwever.blogspot.nl/2015/07/1503a-chrome-uiaxtreeunserial
Recompiling the regular expression pattern during a replace can cause
the code to reuse a freed string, but only if the string is freed from
the cache by allocating and freeing a number of strings of certain size.
CVE-2015-2482:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482
ZDI-1
Hey,
Last Tuesday, Microsoft fixed a security issue in Microsoft Edge that I
was aware of, but had not had time to report. (i.e. I was waiting for
vulnerability contributor programs to look over my analysis and make me
an offer for the information). Since this issue has been fixed, I have
publishe
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/
With [MS16-063] Microsoft has patched [CVE-2016
(You can read all this information in more detail on
http://blog.skylined.nl)
Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not a
applications for this mitigation.
If any of the authors of EMET are reading this, please let me know so I
don't have to write you an email to make sure you have seen it for
consideration as an added mitigation.
Cheers,
SkyLined
On 21-06-2016 17:01, Berend-Jan Wever wrote:
> (You can read
That page also contains a write-up on CVE-2014-1736; a vulnerability in
32-bit Chrome on 64-bit Windows that allows arbitrary read&write that
was caused by the fact that 64-bit Windows allows allocations of
memory at address 0x8000 and up.
On 21-06-2016 19:45, Berend-Jan Wever wrote:
>
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the first
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161101001.html. There you can find a repro
that triggered
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the second
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161102001.html. There you can find a repro
that trigger
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the third
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161103001.html. There you can find a repro
that triggere
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the third
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161104001.html. There you can find a repro
that triggere
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the fifth
entry in that series.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161107001.html. There you can find a repro
tha
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the sixth
entry in that series.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161108001.html. There you can find a repro
tha
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
seventh entry in that series.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161109001.html. There you can find a repro
t
apply and will
your system be left vulnerable? Let me know if you found out!
Cheers,
SkyLined
On 10-11-2016 10:49, Berend-Jan Wever wrote:
> Throughout November, I plan to release details on vulnerabilities I
> found in web-browsers which I've not released before. This is the
> eight
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
eighth entry in that series, although this particular vulnerability does
not just affect web-browsers, but all applications that use WININET to
make HTTP requests.
T
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
ninth entry in that series, and the first to not target a Microsoft browser.
The below information is available in more detail on my blog at
http://blog.skylined.nl
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
tenth entry in that series.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161114001.html.
Follow me on http://twitter.c
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
eleventh entry in that series. Unfortunately I won't be able to publish
everything within one month at the current rate, so I may continue to
publish these through D
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twelfth entry in that series. Unfortunately I won't be able to publish
everything within one month at the current rate, so I may continue to
publish these through De
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
thirteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
fourteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through
L.S.
Over the past decade, heap sprays have become almost synonymous with
exploits in web-browsers. After having developed my first practical
implementation of a heap spray about ten years ago, I found that the
amount of memory needed in some cases was too much for a realistic
attack scenario. I n
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
fifteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
sixteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
seventeenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these throug
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
eighteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
nineteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twentieth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-first entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these throu
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-second entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these thro
As I am sure you are by now well aware, in November I decided to start
releasing details on all vulnerabilities I found in web-browsers that I
had not released before. As I was unable to publish all of them within a
single month, I will try to continue to publish all my old
vulnerabilities, includi
Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browsers, as long as I can find some time to do so. If you find this
information useful
Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browsers, as long as I can find some time to do so. If you find this
information useful
FYI: this link to my blog was 404 until early this morning. It is now up
if you are still interested in reading it.
On 05-12-2016 11:55, Berend-Jan Wever wrote:
> Since November I have been releasing details on all vulnerabilities I
> found in web-browsers that I had not released before.
Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browsers, as long as I can find some time to do so. If you find this
information useful
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-seventh entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161207001.html. There you can find a repro
that triggered
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-eighth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161208001.html. There you can find a repro
that triggered
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-ninth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161209001.html. There you can find a repro
that triggered t
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirtieth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161212001.html. There you can find a repro
that triggered this
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the thirty-first entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161213001.html. There you can find a repro
that triggered t
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 32nd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161214001.html. There you can find a repro
that triggered this issu
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 33rd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161215001.html. There you can find a repro
that triggered this issu
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 34th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161216001.html. There you can find a repro
that triggered this issu
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 35th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161219001.html. There you can find a repro
that triggered this issu
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 36th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161220001.html. There you can find a repro
that triggered this issu
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 37th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161221001.html. There you can find a repro
that triggered this issu
While search engines may have taken away the need to bundle contributions
into magazines, and I think the desire to direct traffic to one's personal
site also contributes to decentralization, all this does not explain the
shocking lack of ASCII art in most exploits.
Cheers,
SkyLined
TL;DR: Full disclosure of low risk 0-day in MSIE 8 after 60-day deadline
passed without a fix.
1501H - MSIE 8 - F12 Developer Tools tooltips use-after-free
=
Synopsis
When using the Developer Tools of MSIE 8, one might hover the mouse over a
button in