use-after-free – Page 2 – WindowsTechs.com

Firefox Zero-Day Flaws Exploited in the Wild Get Patched

Posted on April 4, 2020 by Tom Spring

Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution. Continue reading Firefox Zero-Day Flaws Exploited in the Wild Get Patched→

VMware patches virtualisation bugs

Posted on March 18, 2020 by Danny Bradbury

Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines. Continue reading VMware patches virtualisation bugs→

This Week in Security: Chrome Speech bug, UDP Fragmentation, and the Big Citrix Vulnerability

Posted on January 24, 2020 by Jonathan Bennett

A critical security bug was fixed in Chrome recently, CVE-2020-6378. The CVE report is still marked private, as well as the bug report. All we have is “Use-after-free in speech recognizer”. Are we out of luck, trying to learn more about this vulnerability? If you look closely at the private …read more

Continue reading This Week in Security: Chrome Speech bug, UDP Fragmentation, and the Big Citrix Vulnerability→

Google Discloses Chrome Flaw Exploited in the Wild

Posted on November 1, 2019 by Lindsey O'Donnell

Google warns exploits in the wild against a Use After Free vulnerability in Chrome’s audio component. Continue reading Google Discloses Chrome Flaw Exploited in the Wild→

Obtaining code execution from use after free?

Posted on September 13, 2019 by dev

Can somebody advise how to exploit this use after free bug on a high level, if this is even possible? Low level (detailed advice) would also be great.

How to obtain code execution here?

The bug is simulated and this is do… Continue reading Obtaining code execution from use after free?→

Why does hydraqs exploit put "abc" in its x1 array?

Posted on June 7, 2019 by Lavair

Here there is a thorough description of the exploit I am talking about. There is this step:

var x1 = new Array();
for (i = 0; i < 200; ++i) {
x1[i] = document.createElement(“COMMENT”);
x1[i].data=”abc”;
};
var e1 … Continue reading Why does hydraqs exploit put "abc" in its x1 array?→

Linux Kernel Flaw Allows Remote Code-Execution

Posted on May 14, 2019 by Tara Seals

The bug is remotely exploitable without authentication or user interaction. Continue reading Linux Kernel Flaw Allows Remote Code-Execution→

Windows Zero-Day Emerges in Active Exploits

Posted on April 16, 2019 by Tara Seals

Patched just last week, the Windows kernel bug is being used for full system takeover. Continue reading Windows Zero-Day Emerges in Active Exploits→

Adobe Fixes Two Critical Acrobat and Reader Flaws

Posted on January 4, 2019 by Lindsey O'Donnell

An unscheduled patch fixed two critical flaws that could enable arbitrary code execution. Continue reading Adobe Fixes Two Critical Acrobat and Reader Flaws→

SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free

Posted on October 29, 2018 by SSD / Ori Nimron

Vulnerabilities Summary The vulnerability exists in the AppCache subsystem in Chrome Versions 69.0 and before. This code is located in the privileged browser process outside of the sandbox. The renderer interacts with this subsystem by sending IPC mess… Continue reading SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free→