Google’s security lab “Project Zero” has made a name for itself.

(You can subscribe to their RSS feed with Thunderbird.)

Posted by Ben Hawkes, Project Zero (team lead) (2019-05-15)

Project Zero’s team mission is to “make zero-day hard”, i.e. to make it more costly to discover and exploit security vulnerabilities. We primarily achieve this by performing our own security research, but at times we also study external instances of zero-day exploits that were discovered “in the wild”. These cases provide an interesting glimpse into real-world attacker behavior and capabilities, in a way that nicely augments the insights we gain from our own research.

Today, we’re sharing our tracking spreadsheet for publicly known cases of detected zero-day exploits, in the hope that this can be a useful community resource:

Spreadsheet link: 0day “In the Wild”

This data is collected from a range of public sources. We include relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does not mean we endorse or validate the content there. The data described in the spreadsheet is nothing new, but we think that collecting it together in one place is useful. For example, it shows that:

  • On average, a new “in the wild” exploit is discovered every 17 days (but in practice these often clump together in exploit chains that are all discovered on the same date);
  • Across all vendors, it takes 15 days on average to patch a vulnerability that is being used in active attacks;
  • A detailed technical analysis on the root-cause of the vulnerability is published for 86% of listed CVEs;
  • Memory corruption issues are the root-cause of 68% of listed CVEs.

We also think that this data poses an interesting question: what is the detection rate of 0day exploits? In other words, at what rate are 0day exploits being used in attacks without being detected? This is a key “unknown parameter” in security, and how you model it will greatly inform your views, plans, and priorities as a defender.

It’s also important that we interpret this data as a failure-case for an attacker, and so it doesn’t make sense to draw overarching conclusions about attacker behavior based on a limited data set like this — we see a brief glimpse, but not the whole story.

Additionally, the rate of detection is likely to differ substantially between platforms (e.g. mobile vs desktop), so it’s not useful for direct comparisons between platforms either.

Finally, if you spot something in the spreadsheet that looks incorrect, let us know! We hope to maintain and improve this spreadsheet over time, and welcome suggestions for additions or corrections based on publicly available data.

src: https://googleprojectzero.blogspot.com/p/0day.html

src: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview?sle=true#

Catastrophic security hole in WhatsApp’s VoIP stack allows malware and spying

I just hope there is no such thing in Signal, Telegram and co. X-D

Another open-source video conferencing system:

https://dwaves.de/2017/02/24/webrtc-based-video-conferencing-howto-setup-jitsi-debian-mate-opensource-alternative-to-skype/

“The attacker can simply insert the Spyware into the respective device by a WhatsApp call, even if the called one does not pick up at all.” (auto translated from src: heise.de)

“By February 2018, WhatsApp had over one and a half billion users,[51][52] making it the most popular messaging application at the time.[52][53] It has grown in multiple countries, including Brazil, India, and large parts of Europe, including the United Kingdom and France.[52]”

(src: wikipedia.org)

Just imagine – you could send those 1.5 billion phones a specially crafted message and ransom-encrypt all the phone’s content and charge $10 for decryption?

It is probably also used by private and governmental intelligence companies to spy on target people’s phones.

CVE-2019-3568
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.

Affected Versions: The issue affects:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15

Meanwhile, signal.org mentions that Snowden and Laura Poitras recommend:

signal.org Messenger (Open Whisper Systems) (they now even have a desktop version with official .deb packages for Debian/Ubuntu, but you can also install Signal messenger on Fedora/RedHat/CentOS7 like this)

Signal seemed to be “independent” – in fact – Moxie Marlinspike sold it to Twitter for an undisclosed amount of money – which makes the whole thing smell fishy… but according to Wikipedia everything is “okidokay”

“During an interview with The New Yorker in October 2014, he recommended using “anything from Moxie Marlinspike and Open Whisper Systems”.[54] During a remote appearance at an event hosted by Ryerson University and Canadian Journalists for Free Expression in March 2015, Snowden said that Signal is “very good” and that he knew the security model.[55] Asked about encrypted messaging apps during a Reddit AMA in May 2015, he recommended “Signal for iOS, Redphone/TextSecure for Android”.[56][57] In November 2015, Snowden tweeted that he used Signal “every day”.[58]”

(src: https://en.wikipedia.org/wiki/Signal_Messenger#Reception)

Even if Moxie Marlinspike left Twitter to – again – to form a company with a

“Whisper Systems was an enterprise mobile security company that was co-founded by security researcher Moxie Marlinspike and roboticist Stuart Anderson in 2010.[1] The company was acquired by Twitter in November 2011.[2][3][4]

Some of the company’s software products were released under free software licenses after the acquisition,[5] which led to the creation of an independent organization called Open Whisper Systems.[6]” (src: Wikipedia.org)

“Marlinspike later left Twitter and founded Open Whisper Systems as a collaborative open source project for the continued development of TextSecure and RedPhone.[19][20]”

2011: “Twitter acquired the company that makes TextSecure, Whisper Systems”

“In countries where governments have more strict control over wireless networks, Whisper Systems’ apps have been extremely helpful to dissidents wanting to communicate and organize securely.” (src: 2011: mashable.com)

RedPhone
A stand-alone application for encrypted voice calling on Android. RedPhone integrated with the system dialer to make calls, but used ZRTP to set up an end-to-end encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and used push notifications to preserve the user’s device’s battery life while still remaining responsive.[81] RedPhone was merged into TextSecure on November 2, 2015.[37] TextSecure was then renamed as Signal for Android.[37] RedPhone’s source code was available under the GPLv3 license.[81]

TextSecure
A stand-alone application for encrypted messaging on Android.[82][83] TextSecure could be used to send and receive SMS, MMS, and instant messages.[84] It used end-to-end encryption with forward secrecy and deniable authentication to secure all instant messages to other TextSecure users.[60][83][85][86] TextSecure was merged with RedPhone to become Signal for Android[37], but lost its ability to encrypt SMS. The source code is available under the GPLv3 license.[82]

0day “In the Wild”
Last updated: 2019-05-15

This spreadsheet is used to track cases of zero-day exploits that were detected “in the wild”. This means the vulnerability was detected in real attacks against users as a zero-day vulnerability (i.e. not known to the public or the vendor at the time of detection). This data is collected from a range of public sources. We include relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does not mean we endorse or validate the content there.

An introduction to this spreadsheet is available on the Project Zero blog: https://googleprojectzero.blogspot.com/p/0day.html

Some additional notes on how the data is processed:

  • Scope for inclusion: there are some 0day exploits (such as CVE-2017-12824) in areas that aren’t active research targets for Project Zero. Generally this list includes targets that Project Zero has previously investigated (i.e. there are bug reports in our issue tracker) or will investigate in the near future.
  • Security supported: this list does not include exploits for software that is explicitly EOL at the time of discovery (such as the ExplodingCan exploit for IIS on Windows Server 2003, surfaced in 2017).
  • Post-disclosure: this list does not include CVEs that were opportunistically exploited by attackers in the gap between public disclosure (or “full disclosure”) and a patch becoming available to users (such as CVE-2015-0072, CVE-2018-8414 or CVE-2018-8440).
  • Reasonable inference: this list includes exploits that were not discovered in an active breach, but were leaked or discovered in a form that suggests with high confidence that they were probably used “in the wild” at some point (e.g. Equation Group and Hacking Team leaks).
  • Date resolution: we only set the date of discovery when the reporter specifies one. If a discovery is indicated as being made in “late April” or “early March”, we record that as if no date was provided.
  • Attribution: generally the “claimed attribution” column refers to the attack team that is reportedly using the exploit, but in some cases it can refer to the supplier of the exploit (c.f. HackingTeam, NSO Group, Exodus Intel) if no other information is available.
  • Time range: data collection starts from the day we announced Project Zero — July 15, 2014.

For additions, corrections, questions, or comments, please contact 0day-in-the-wild@google.com

| CVE | Vendor | Product | Type | Description | Date Discovered | Date Patched | Advisory / Analysis URL / Claimed Attribution / Claimed Attribution URL |
|---|---|---|---|---|---|---|---|
| CVE-2019-3568 | Facebook | WhatsApp | Memory Corruption | Buffer overflow in SRTCP packets | ??? | 2019-05-13 | NSO Group |
| CVE-2019-0803 | Microsoft | Windows | Memory Corruption | Unspecified memory corruption in win32k | ??? | 2019-04-09 | ??? ??? ??? |
| CVE-2019-0859 | Microsoft | Windows | Memory Corruption | Use-after-free in CreateWindowEx | 2019-03-17 | 2019-04-09 | ??? ??? |
| CVE-2019-0703 | Microsoft | Windows | Information Leak | Unspecified information leak vulnerability in SMB | ??? | 2019-03-12 | ??? APT3/Buckeye |
| CVE-2019-0808 | Microsoft | Windows | Memory Corruption | NULL pointer dereference in win32k!xxxMNFindWindowFromPoint | ??? | 2019-03-12 | ??? ??? |
| CVE-2019-0797 | Microsoft | Windows | Memory Corruption | Race condition in NtDCompositionDestroyConnection | 2019-02-22 | 2019-03-12 | FruityArmor/Stealth Falcon, and Sandcat |
| CVE-2019-5786 | Google | Chrome | Memory Corruption | Use-after-free in FileReader | ??? | 2019-03-01 | ??? ??? |
| CVE-2019-0676 | Microsoft | Internet Explorer | Information Leak | Unspecified information leak vulnerability | ??? | 2019-02-12 | ??? ??? ??? |
| CVE-2019-7286 | Apple | iOS | Memory Corruption | Use-after-free in CFPrefsDaemon | ??? | 2019-02-07 | ??? ??? |
| CVE-2019-7287 | Apple | iOS | Memory Corruption | Buffer overflow in ProvInfoIOKitUserClient | ??? | 2019-02-07 | ??? ??? |
| CVE-2018-8653 | Microsoft | Internet Explorer | Memory Corruption | Use-after-free in Enumerator | ??? | 2018-12-19 | ??? ??? |
| CVE-2018-8611 | Microsoft | Windows | Memory Corruption | Race condition in kernel transaction manager | 2018-10-29 | 2018-12-11 | FruityArmor/Stealth Falcon, and Sandcat |
| CVE-2018-15982 | Adobe | Flash | Memory Corruption | Use-after-free in TVSDK Metadata | 2018-11-29 | 2018-12-05 | ??? ??? |
| CVE-2018-8589 | Microsoft | Windows | Memory Corruption | Race condition in win32k!xxxMoveWindow | 2018-10-17 | 2018-11-13 | FruityArmor/Stealth Falcon, and Sandcat |
| CVE-2018-8453 | Microsoft | Windows | Memory Corruption | Use-after-free in win32kfull!xxxDestroyWindow | 2018-08-17 | 2018-10-09 | FruityArmor/Stealth Falcon |
| CVE-2018-8373 | Microsoft | VBScript | Memory Corruption | Use-after-free in VBScript AssignVar | 2018-07-11 | 2018-08-14 | ??? ??? |
| CVE-2018-5002 | Adobe | Flash | Memory Corruption | Out-of-bounds read/write in AVM li8 opcode | ??? | 2018-06-07 | FruityArmor/Stealth Falcon |
| CVE-2018-4990 | Adobe | Reader | Memory Corruption | Out-of-bounds free in JPEG2000 CMAP | ??? | 2018-05-14 | ??? ??? |
| CVE-2018-8120 | Microsoft | Windows | Memory Corruption | NULL pointer dereference in NtUserSetImeInfoEx | ??? | 2018-05-08 | ??? ??? |
| CVE-2018-8174 | Microsoft | VBScript | Memory Corruption | Use-after-free in VBScriptClass::Release | ??? | 2018-05-08 | ??? ??? |
| CVE-2018-4878 | Adobe | Flash | Memory Corruption | Use-after-free in MediaPlayer DRM Listener | ??? | 2018-02-06 | ScarCruft/APT37/Reaper |
| CVE-2018-0802 | Microsoft | Office | Memory Corruption | Buffer overflow in equation editor lfFaceName | ??? | 2018-01-09 | ??? ??? |
| CVE-2017-11292 | Adobe | Flash | Memory Corruption | Type confusion in TVSDK BufferControlParameters | 2017-10-10 | 2017-10-16 | BlackOasis |
| CVE-2017-11826 | Microsoft | Office | Memory Corruption | Memory corruption in Open XML format nested tags | 2017-09-28 | 2017-10-10 | ??? ??? |
| CVE-2017-8759 | Microsoft | Office | Logic/Design Flaw | Code injection in SOAP WSDL parser | ??? | 2017-09-12 | BlackOasis |
| CVE-2017-8464 | Microsoft | Windows | Logic/Design Flaw | Code injection in LNK file ExtraData parsing | ??? | 2017-06-13 | ??? ??? |
| CVE-2017-8543 | Microsoft | Windows | Memory Corruption | Buffer overflow in Windows Search CTableVariant | ??? | 2017-06-13 | ??? ??? |
| CVE-2017-0261 | Microsoft | Office | Memory Corruption | Use-after free in EPS restore operator | ??? | 2017-05-09 | Turla |
| CVE-2017-0262 | Microsoft | Office | Memory Corruption | Type Confusion in EPS forall operator | ??? | 2017-05-09 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2017-0263 | Microsoft | Windows | Memory Corruption | Use-after-free in win32k!xxxDestroyWindow | ??? | 2017-05-09 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2017-0222 | Microsoft | Internet Explorer | Memory Corruption | Unspecified memory corruption in Internet Explorer | ??? | 2017-05-09 | ??? ??? ??? |
| CVE-2017-8291 | Ghostscript | Ghostscript | Memory Corruption | Type confusion in rsdparams internal operator | ??? | 2017-04-27 | ??? |
| CVE-2017-0210 | Microsoft | Internet Explorer | UXSS | UXSS in htmlFile ActiveX control | ??? | 2017-04-11 | ??? ??? |
| CVE-2017-0199 | Microsoft | Office | Logic/Design Flaw | Logic/design flaw in embedded HTA documents | ??? | 2017-04-11 | ??? (FINSPY/LatentBot) |
| CVE-2017-1274 | IBM | Domino | Memory Corruption | Buffer overflow in IMAP EXAMINE (EmphasisMine) | ??? | 2017-03-20 | ??? Equation Group |
| CVE-2017-3881 | Cisco | IOS | Memory Corruption | Buffer overflow in IOS Cluster Management Protocol | ??? | 2017-03-17 | Vault 7 |
| CVE-2017-0149 | Microsoft | Internet Explorer | Memory Corruption | Memory corruption in VBScript rtJoin | ??? | 2017-03-14 | ??? ??? |
| CVE-2017-0022 | Microsoft | XML Core Services | Information Leak | Information leak in MSXML version resource | ??? | 2017-03-14 | AdGholas/Neutrino ??? |
| CVE-2017-0005 | Microsoft | Windows | Memory Corruption | Unspecified memory corruption in GDI | ??? | 2017-03-14 | ZIRCONIUM/APT31 |
| CVE-2017-0143 | Microsoft | Windows | Memory Corruption | Type confusion in SMB messages (EternalSynergy) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0144 | Microsoft | Windows | Memory Corruption | Buffer overflow in SMB File Extended Attributes (EternalBlue) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0145 | Microsoft | Windows | Memory Corruption | Unspecified type confusion in SMB (EternalRomance) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0146 | Microsoft | Windows | Memory Corruption | Race condition in SMB transactions (EternalChampion) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0147 | Microsoft | Windows | Information Leak | Information leak in SMB transactions (EternalChampion) | ??? | 2017-03-14 | Equation Group |
| CVE-2016-7892 | Adobe | Flash | Memory Corruption | Unspecified use-after-free issue | ??? | 2016-12-13 | ??? ??? ??? |
| CVE-2016-9079 | Mozilla | Firefox | Memory Corruption | Use-after-free in SVG Animation (Tor exploit) | 2016-11-29 | 2016-11-30 | Exodus Intel |
| CVE-2016-7256 | Microsoft | Windows | Memory Corruption | Memory corruption on OpenType fonts CFF name index | ??? | 2016-11-08 | ??? |
| CVE-2016-7255 | Microsoft | Windows Kernel | Memory Corruption | Memory corruption in NtUserSetWindowLongPtr | 2016-10-21 | 2016-11-08 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2016-7855 | Adobe | Flash | Memory Corruption | Unspecified use-after-free issue | 2016-10-21 | 2016-10-26 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2016-5195 | Linux | Kernel | Memory Corruption | Race condition in copy-on-write (DirtyCOW) | ??? | 2016-10-18 | ??? ??? ??? |
| CVE-2016-3298 | Microsoft | Internet Explorer | Information Leak | Information leak in Microsoft.XMLDOM | ??? | 2016-10-11 | AdGholas/Neutrino |
| CVE-2016-3393 | Microsoft | Windows | Memory Corruption | Memory corruption in TTF cjComputeGLYPHSET_MSFT_GENERAL | ??? | 2016-10-11 | FruityArmor/Stealth Falcon |
| CVE-2016-7193 | Microsoft | Office | Memory Corruption | Memory corruption in \dfrxst | ??? | 2016-10-11 | ??? ??? |
| CVE-2016-3351 | Microsoft | Internet Explorer | Information Leak | Information leak in a.mimeType | ??? | 2016-09-13 | AdGholas |
| CVE-2016-4655 | Apple | iOS | Information Leak | Information leak in kernel OSUnserializeBinary (Pegasus) | 2016-08-15 | 2016-08-25 | NSO Group |
| CVE-2016-4656 | Apple | iOS | Memory Corruption | Use-after-free in kernel OSUnserializeBinary (Pegasus) | 2016-08-15 | 2016-08-25 | NSO Group |
| CVE-2016-4657 | Apple | WebKit | Memory Corruption | Use-after-free in MarkedArgumentBuffer (Pegasus) | 2016-08-15 | 2016-08-25 | NSO Group |
| CVE-2016-6366 | Cisco | ASA | Memory Corruption | Buffer overflow in SNMP parsing (EXTRABACON) | 2016-08-15 | 2016-08-17 | Equation Group |
| CVE-2016-6367 | Cisco | ASA | Memory Corruption | Buffer overflow in CLI parsing (EPICBANANA) | 2016-08-15 | 2016-08-17 | ??? Equation Group |
| CVE-2016-4171 | Adobe | Flash | Memory Corruption | Memory corruption in ExecPolicy metadata parsing | ??? | 2016-06-15 | ScarCruft/APT37/Reaper |
| CVE-2016-4117 | Adobe | Flash | Memory Corruption | Type confusion in tvsdk DeleteRangeTimelineOperation | 2016-05-08 | 2016-05-12 | BlackOasis |
| CVE-2016-0189 | Microsoft | Internet Explorer | Memory Corruption | Memory corruption in VBScript AccessArray | ??? | 2016-05-10 | ??? |
| CVE-2016-0162 | Microsoft | Internet Explorer | Information Leak | Unspecified file detection issue | ??? | 2016-04-12 | Stegano/Astrum |
| CVE-2016-0165 | Microsoft | Windows Kernel | Memory Corruption | Buffer overflow in RGNMEMOBJ::vCreate | ??? | 2016-04-12 | ??? ??? |
| CVE-2016-0167 | Microsoft | Windows Kernel | Memory Corruption | Use-after-free in win32k!xxxMNDestroyHandler | 2016-03-08 | 2016-04-12 | FIN8 |
| CVE-2016-1019 | Adobe | Flash | Memory Corruption | Type confusion in FileReference | 2016-04-02 | 2016-04-07 | Magnitude |
| CVE-2016-1010 | Adobe | Flash | Memory Corruption | Buffer overflow in BitmapData.copyPixels | ??? | 2016-03-10 | ScarCruft/APT37/Reaper |
| CVE-2016-0984 | Adobe | Flash | Memory Corruption | Use-after-free in Sound.loadPCMFromByteArray | 2016-01-11 | 2016-02-09 | BlackOasis |
| CVE-2016-0034 | Microsoft | Silverlight | Memory Corruption | Memory corruption in BinaryReader | 2015-11-25 | 2016-01-12 | HackingTeam |
| CVE-2015-8651 | Adobe | Flash | Memory Corruption | Integer overflow in domainMemory | ??? | 2015-12-28 | ??? Dark Hotel |
| CVE-2015-6175 | Microsoft | Windows Kernel | Memory Corruption | Memory corruption in gpuenergydrv.sys | ??? | 2015-12-08 | ??? ??? |
| CVE-2015-4902 | Oracle | Java | Logic/Design Flaw | Click-to-play bypass | ??? | 2015-10-20 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-7645 | Adobe | Flash | Type Confusion | Type confusion in IExternalizable.writeExternal | 2015-10-13 | 2015-10-16 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-2546 | Microsoft | Windows Kernel | Memory Corruption | Use-after-free in xxxSendMessage (tagPOPUPMENU) | ??? | 2015-09-08 | ??? ??? |
| CVE-2015-2545 | Microsoft | Office | Memory Corruption | Use-after-free in EPS forall operator | ??? | 2015-09-08 | ??? ??? |
| CVE-2015-2502 | Microsoft | Internet Explorer | Memory Corruption | Use-after-free in CMarkup::ReparentTableSection | ??? | 2015-08-18 | ??? ??? |
| CVE-2015-1642 | Microsoft | Office | Memory Corruption | Use-after-free in CTaskSymbol | 2015-02-27 | 2015-08-11 | ??? ??? |
| CVE-2015-1769 | Microsoft | Windows | Logic/Design Flaw | Symbolic link attack in Mount Manager | ??? | 2015-08-11 | ??? ??? |
| CVE-2015-2426 | Microsoft | Windows | Memory Corruption | OpenType Font Driver buffer overflow in ZwGdiAddFontMemResourceEx | 2015-07-05 | 2015-07-20 | HackingTeam |
| CVE-2015-5122 | Adobe | Flash | Use-after-free | Use-after-free in TextBlock | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-5123 | Adobe | Flash | Use-after-free | Use-after-free in BitmapData | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-2387 | Microsoft | Windows Kernel | Memory Corruption | ATMFD.DLL named escape memory corruption | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-2425 | Microsoft | Internet Explorer | Use-after-free | Use-after-free in MutationObserver | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-2424 | Microsoft | Office | Memory Corruption | Heap corruption in Forms.Image.1 | 2015-06-30 | 2015-07-14 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-2590 | Oracle | Java | Race Condition | Race condition in ObjectInputStream.readSerialData | ??? | 2015-07-14 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-5119 | Adobe | Flash | Use-after-free | Use-after-free in ByteArray ValueOf | 2015-07-05 | 2015-07-08 | HackingTeam |
| CVE-2015-3113 | Adobe | Flash | Memory Corruption | Buffer overflow in FLV media parsing | ??? | 2015-06-23 | APT3 |
| CVE-2015-2360 | Microsoft | Windows Kernel | Memory Corruption | Use-after-free on tagCLS object | ??? | 2015-06-09 | Duqu/Unit 8200 |
| CVE-2015-4495 | Mozilla | Firefox | Logic/Design Flaw | Same-origin policy bypass in PDF reader | 2015-08-05 | 2015-08-06 | ??? ??? |
| CVE-2015-1701 | Microsoft | Windows Kernel | Logic/Design Flaw | CreateWindow callback validation error | 2015-04-18 | 2015-05-12 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-3043 | Adobe | Flash | Memory Corruption | Buffer overflow in FLV media parsing | 2015-04-13 | 2015-04-14 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-1641 | Microsoft | Office | Memory Corruption | Type confusion in SmartTag element | ??? | 2015-04-14 | ??? ??? |
| CVE-2015-0071 | Microsoft | Internet Explorer | Information Leak | Out-of-bounds read in Js::JavascriptRegExpConstructor::SetProperty | ??? | 2015-02-10 | Codoso/APT19 |
| CVE-2015-0313 | Adobe | Flash | Use-after-free | Use-after-free in ByteArray::Clear | 2015-01-14 | 2015-02-05 | Hanjuan |
| CVE-2015-0311 | Adobe | Flash | Use-after-free | Use-after-free in ByteArray::UncompressViaZlibVariant | 2015-01-20 | 2015-01-27 | Angler |
| CVE-2015-0310 | Adobe | Flash | Information Leak | Out-of-bounds read in RegExp::exec | 2015-01-16 | 2015-01-22 | Angler |
| CVE-2015-0016 | Microsoft | Windows | Logic/Design Flaw | Improper path validation leads to IE sandbox escape | ??? | 2015-01-13 | ??? ??? |
| CVE-2014-9163 | Adobe | Flash | Memory Corruption | Unspecified stack buffer overflow in Flash | ??? | 2014-12-09 | ??? Codoso/APT19 |
| CVE-2014-6324 | Microsoft | Windows | Logic/Design Flaw | Logic/design flaw in Kerberos KDC allowing remote domain controller escalation of privilege | ??? | 2014-11-18 | ??? ??? |
| CVE-2014-6352 | Microsoft | Office | Logic/Design Flaw | Logic/design flaw in Packager OLE class | ??? | 2014-11-11 | ??? ??? |
| CVE-2014-4077 | Microsoft | Windows | Logic/Design Flaw | Unspecified sandbox escape vulnerability in IME (Japanese) | ??? | 2014-11-11 | ??? ??? ??? |
| CVE-2014-4113 | Microsoft | Windows | Memory Corruption | NULL pointer dereference in win32k!win32k!xxxHandleMenuMessages | ??? | 2014-10-14 | HURRICANE PANDA |
| CVE-2014-4148 | Microsoft | Windows | Memory Corruption | Unspecified memory corruption in TrueType fonts | ??? | 2014-10-14 | ??? ??? |
| CVE-2014-8439 | Adobe | Flash | Memory Corruption | Unspecified memory corruption in Flash | ??? | 2014-10-14 | ??? Angler |
| CVE-2014-4123 | Microsoft | Internet Explorer | Memory Corruption | Unspecified sandbox escape vulnerability | ??? | 2014-10-14 | ??? ??? ??? |
| CVE-2014-4114 | Microsoft | Office | Logic/Design Flaw | Logic/design flaw in Packager OLE class | ??? | 2014-10-14 | Sandworm/Black Energy |
| CVE-2014-0546 | Adobe | Reader | Logic/Design Flaw | Unspecified sandbox escape vulnerability | ??? | 2014-08-12 | ??? Animal Farm |
| CVE-2014-2817 | Microsoft | Internet Explorer | Logic/Design Flaw | Sandbox escape in IIEAxInstallBrokerBrokerPtr | ??? | 2014-08-12 | ??? ??? |
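
The averages quoted from the Project Zero post can be recomputed from the table above. The following is an added example, not code from the original post or from Project Zero; it works on ten rows copied from the table (the pipe-separated `ROWS` layout and all function names are this example's own assumptions) and leaves out of the timing figures any row whose discovery date is "???". Because it is a ten-row sample, its results differ from the post's 15 days and 68%.

```python
from collections import Counter
from datetime import date
from statistics import mean, median

# Constructed sample: ten rows copied from the table above as
# CVE|type|date discovered|date patched. "???" means no date was recorded.
ROWS = """\
CVE-2019-3568|Memory Corruption|???|2019-05-13
CVE-2019-0859|Memory Corruption|2019-03-17|2019-04-09
CVE-2019-0797|Memory Corruption|2019-02-22|2019-03-12
CVE-2019-0703|Information Leak|???|2019-03-12
CVE-2018-15982|Memory Corruption|2018-11-29|2018-12-05
CVE-2017-8759|Logic/Design Flaw|???|2017-09-12
CVE-2016-9079|Memory Corruption|2016-11-29|2016-11-30
CVE-2016-4655|Information Leak|2016-08-15|2016-08-25
CVE-2015-1642|Memory Corruption|2015-02-27|2015-08-11
CVE-2015-4495|Logic/Design Flaw|2015-08-05|2015-08-06
"""


def parse_date(cell):
    """Return a date, or None for the sheet's '???' placeholder."""
    cell = cell.strip()
    return None if cell == "???" else date.fromisoformat(cell)


def parse_rows(text):
    """Turn the pipe-separated sample into a list of row dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cve, kind, found, patched = line.split("|")
        rows.append({"cve": cve, "type": kind,
                     "found": parse_date(found),
                     "patched": parse_date(patched)})
    return rows


def patch_delays(rows):
    """Days from detection to patch, only where both dates are recorded."""
    return {r["cve"]: (r["patched"] - r["found"]).days
            for r in rows if r["found"] and r["patched"]}


def summarize(rows):
    """Patch-latency and root-cause figures for the given rows."""
    delays = patch_delays(rows)
    types = Counter(r["type"] for r in rows)
    return {
        "rows": len(rows),
        # Rows that cannot contribute to any time-to-patch figure.
        "undated": len(rows) - len(delays),
        "mean_days_to_patch": mean(delays.values()),
        # The median is shown next to the mean because one slow patch
        # (CVE-2015-1642 in this sample) dominates the average.
        "median_days_to_patch": median(delays.values()),
        "memory_corruption_pct": 100 * types["Memory Corruption"] / len(rows),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(ROWS)).items():
        print(f"{key}: {value}")
```

Three of the ten sample rows have no discovery date, so any time-to-patch figure describes only the dated subset, and a single outlier pulls the mean well above the median.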
