6dc4d46521
16 new exploits Meteocontrol WEB’log - Admin Password Disclosure Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow Adobe Flash - JXR Processing Out-of-Bounds Read Adobe Flash - Out-of-Bounds Read when Placing Object Adobe Flash - Overflow in Processing Raw 565 Textures Adobe Flash - Heap Overflow in ATF Processing (Image Reading) Adobe Flash - MP4 File Stack Corruption Adobe Flash - Type Confusion in FileReference Constructor Adobe Flash - addProperty Use-After-Free Adobe Flash - SetNative Use-After-Free Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055) Windows - gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055) Windows - gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Symantec/Norton Antivirus - ASPack Remote Heap/Pool Memory Corruption Vulnerability Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection SAP xMII 15.0 - Directory Traversal
12 lines
435 B
Text
Executable file
12 lines
435 B
Text
Executable file
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=791
|
|
|
|
There is an out-of-bounds read in JXR processing. This issue is probably not exploitable, but could be used an an information leak.
|
|
|
|
To reproduce the issue, load the attach file '8' using LoadImage.swf as follows:
|
|
|
|
LoadImage.swf?img=8
|
|
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39824.zip
|
|
|