Archive for December, 2015

Dell Authentication Driver Uncontrolled Write

Posted by deepcore under exploit (No Responses)

The Dell Pre-Boot Authentication Driver (PBADRV.sys) contains a vulnerability that can be leveraged to enable an attacker to write arbitrary code. The ‘OutputAddress’ from the IOCTL call is not validated before it attempts to write to memory. The content of the write is a four-byte hex value that is always greater than that of the […]

Microsoft SmartScreen Claims It Can Block Zero-Day Attacks

Posted by deepcore under exploit (No Responses)

DELL Scrutinizer v12.0.3 – Persistent Software Vulnerability

Posted by deepcore under exploit (No Responses)

The Vulnerability Laboratory Research Team discovered a persistent input validation web vulnerability in the official DELL Scrutinizer v12.0.3 Software.

Lithium Forum – (previewImages) Persistent Vulnerability

Posted by deepcore under exploit (No Responses)

The Vulnerability Laboratory Research Team discovered an application-side input validation web vulnerability in the official Lithium Forum online service web-application.

Samsung Galaxy S6 Samsung Gallery Bitmap Decoding Crash

Posted by deepcore under exploit (No Responses)

Samsung Galaxy S6 suffers from a bitmap decoding crash in Samsung Gallery.

Samsung Galaxy S6 Samsung Gallery GIF Parsing Crash

Posted by deepcore under exploit (No Responses)

Samsung Galaxy S6 suffers from a GIF parsing crash in Samsung Gallery.

Win32k Clipboard Bitmap Use-After-Free

Posted by deepcore under exploit (No Responses)

This proof of concept exploit triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard.

Win32k Null Pointer Dereference

Posted by deepcore under exploit (No Responses)

This proof of concept exploit triggers a null pointer condition on Windows 7 32-bit, which can potentially be exploited on versions of Windows that allow mapping the null page (e.g. Windows 7 32-bit).

Microsoft Windows Kernel Win32k!OffsetChildren Null Pointer Dereference

Posted by deepcore under exploit (No Responses)

This proof of concept exploit triggers a null pointer vulnerability in OffsetChildren on Windows 7 32-bit. By mapping the null page, an attacker can leverage this vulnerability to write to an arbitrary address.

Adobe Flash GradientFill Use-After-Free

Posted by deepcore under exploit (No Responses)

There are a number of use-after-free vulnerabilities in MovieClip.beginGradientFill. If the spreadMethod or any other string parameter is an object with toString defined, this method can free the MovieClip, which is then used. Note that many parameters to this function can be used to execute script and free the MovieClip during execution; it is recommended […]