Google's security research team Project Zero has made a name for itself.
(You can subscribe to their RSS feed with Thunderbird.)
Posted by Ben Hawkes, Project Zero (team lead) (2019-05-15)
Project Zero’s team mission is to “make zero-day hard”, i.e. to make it more costly to discover and exploit security vulnerabilities. We primarily achieve this by performing our own security research, but at times we also study external instances of zero-day exploits that were discovered “in the wild”. These cases provide an interesting glimpse into real-world attacker behavior and capabilities, in a way that nicely augments the insights we gain from our own research.
Today, we’re sharing our tracking spreadsheet for publicly known cases of detected zero-day exploits, in the hope that this can be a useful community resource:
Spreadsheet link: 0day “In the Wild”
This data is collected from a range of public sources. We include relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does not mean we endorse or validate the content there. The data described in the spreadsheet is nothing new, but we think that collecting it together in one place is useful. For example, it shows that:
- On average, a new “in the wild” exploit is discovered every 17 days (but in practice these often clump together in exploit chains that are all discovered on the same date);
- Across all vendors, it takes 15 days on average to patch a vulnerability that is being used in active attacks;
- A detailed technical analysis on the root-cause of the vulnerability is published for 86% of listed CVEs;
- Memory corruption issues are the root-cause of 68% of listed CVEs.
We also think that this data poses an interesting question: what is the detection rate of 0day exploits? In other words, at what rate are 0day exploits being used in attacks without being detected? This is a key “unknown parameter” in security, and how you model it will greatly inform your views, plans, and priorities as a defender.
It’s also important that we interpret this data as a failure-case for an attacker, and so it doesn’t make sense to draw overarching conclusions about attacker behavior based on a limited data set like this — we see a brief glimpse, but not the whole story.
Additionally, the rate of detection is likely to differ substantially between platforms (e.g. mobile vs desktop), so it’s not useful for direct comparisons between platforms either.
Finally, if you spot something in the spreadsheet that looks incorrect, let us know! We hope to maintain and improve this spreadsheet over time, and welcome suggestions for additions or corrections based on publicly available data.
src: https://googleprojectzero.blogspot.com/p/0day.html
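The four aggregate figures quoted above (exploit cadence, patch latency, share of root-cause write-ups, share of memory corruption) are simple to re-derive from the sheet, and re-deriving them makes the caveats concrete: rows without an exact discovery date have to be dropped from the patch-latency average, and several CVEs sharing one patch date are usually one exploit chain, not independent events. The following script is an added example and is not Project Zero's code; the ten rows embedded in it are copied from the spreadsheet excerpt reproduced further down this page (the full sheet gives different numbers, this is only the method), and the function names are my own.

```python
"""Re-derive Project Zero style aggregates from a slice of the
"0day In the Wild" sheet: mean days from discovery to patch, share of
memory-corruption bugs, and discovery cadence with chain clumping made visible."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Ten rows copied from the spreadsheet excerpt on this page
# (CVE | Type | Date Discovered | Date Patched).  "???" is the sheet's
# marker for "no exact date reported".
ROWS_TEXT = """
CVE-2019-3568  | Memory Corruption | ???        | 2019-05-13
CVE-2019-0859  | Memory Corruption | 2019-03-17 | 2019-04-09
CVE-2019-0703  | Information Leak  | ???        | 2019-03-12
CVE-2019-0797  | Memory Corruption | 2019-02-22 | 2019-03-12
CVE-2019-5786  | Memory Corruption | ???        | 2019-03-01
CVE-2018-8611  | Memory Corruption | 2018-10-29 | 2018-12-11
CVE-2018-15982 | Memory Corruption | 2018-11-29 | 2018-12-05
CVE-2018-8589  | Memory Corruption | 2018-10-17 | 2018-11-13
CVE-2017-8759  | Logic/Design Flaw | ???        | 2017-09-12
CVE-2016-9079  | Memory Corruption | 2016-11-29 | 2016-11-30
"""


@dataclass(frozen=True)
class Row:
    cve: str
    bug_type: str
    discovered: Optional[date]  # None when the sheet says "???"
    patched: date


def parse_optional_date(cell: str) -> Optional[date]:
    cell = cell.strip()
    return None if cell == "???" else date.fromisoformat(cell)


def parse_rows(text: str) -> List[Row]:
    rows: List[Row] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cve, bug_type, disc, patched = (c.strip() for c in line.split("|"))
        rows.append(Row(cve, bug_type, parse_optional_date(disc), date.fromisoformat(patched)))
    return rows


def mean_patch_days(rows: List[Row]) -> Optional[float]:
    """Mean days from discovery to patch.  Rows without an exact discovery
    date are dropped, so the figure is biased toward well-documented cases."""
    deltas = [(r.patched - r.discovered).days for r in rows if r.discovered is not None]
    return sum(deltas) / len(deltas) if deltas else None


def memory_corruption_share(rows: List[Row]) -> float:
    return sum(r.bug_type == "Memory Corruption" for r in rows) / len(rows)


def patch_date_clusters(rows: List[Row]) -> Dict[date, List[str]]:
    """CVEs grouped by patch date; more than one CVE on a date is usually one
    exploit chain, which is why "a new exploit every N days" overstates the
    number of independent discovery events."""
    clusters: Dict[date, List[str]] = {}
    for r in rows:
        clusters.setdefault(r.patched, []).append(r.cve)
    return clusters


def mean_days_between_events(rows: List[Row]) -> Optional[float]:
    """Cadence of discovery events, approximated by distinct patch dates."""
    dates = sorted(patch_date_clusters(rows))
    if len(dates) < 2:
        return None
    return (dates[-1] - dates[0]).days / (len(dates) - 1)


ROWS = parse_rows(ROWS_TEXT)

if __name__ == "__main__":
    print(f"rows: {len(ROWS)}")
    print(f"mean days discovery->patch (dated rows only): {mean_patch_days(ROWS):.1f}")
    print(f"memory corruption share: {memory_corruption_share(ROWS):.0%}")
    print(f"mean days between distinct patch dates: {mean_days_between_events(ROWS):.1f}")
    for day, cves in sorted(patch_date_clusters(ROWS).items()):
        if len(cves) > 1:
            print(f"chain candidate patched {day}: {', '.join(cves)}")
```

On this slice only six of ten rows carry a discovery date, so the latency average rests on six samples; the 2019-03-12 cluster shows why counting CVEs is not the same as counting attacks.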
Catastrophic security hole in WhatsApp's VoIP stack allows remote malware installation and spying
I just hope there is no such thing in Signal, Telegram and co. X-D
Another open-source video conferencing system:
https://dwaves.de/2017/02/24/webrtc-based-video-conferencing-howto-setup-jitsi-debian-mate-opensource-alternative-to-skype/
“The attacker can simply plant the spyware on the target device via a WhatsApp call, even if the called party does not pick up at all.” (translated from src: heise.de)
“By February 2018, WhatsApp had over one and a half billion users,[51][52] making it the most popular messaging application at the time.[52][53] It has grown in multiple countries, including Brazil, India, and large parts of Europe, including the United Kingdom and France.[52]”
(src: wikipedia.org)
Just imagine: a bug like this lets you reach those 1.5 billion phones with a specially crafted call (no message to open, no user interaction), ransom-encrypt all of the phone's content and charge $10 for decryption.
It is probably also used by private and governmental intelligence companies to spy on targeted people's phones; the Project Zero spreadsheet reproduced below lists NSO Group as the claimed attribution for this CVE.
CVE-2019-3568
Description: A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.
Affected versions:
- WhatsApp for Android prior to v2.19.134
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp for iOS prior to v2.19.51
- WhatsApp Business for iOS prior to v2.19.51
- WhatsApp for Windows Phone prior to v2.18.348
- WhatsApp for Tizen prior to v2.18.15
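The fix ships as an app update, not an OS patch, so on a managed fleet the useful check is "which installs are still below the first fixed build for their product". The classic mistake is comparing version strings lexicographically, which puts 2.19.9 after 2.19.134. The script below is an added example, not code from WhatsApp or Facebook; the fixed-version table is taken from the advisory text above, the device inventory is constructed sample data, and the function names are my own.

```python
"""Fleet check for CVE-2019-3568: flag WhatsApp installs older than the
first fixed build listed in the advisory, using numeric version comparison."""
from typing import Dict, List, Tuple

# product -> first fixed version, from the advisory reproduced above
# ("prior to vX" is affected, so vX itself is fixed)
FIXED_VERSIONS: Dict[str, str] = {
    "WhatsApp for Android": "2.19.134",
    "WhatsApp Business for Android": "2.19.44",
    "WhatsApp for iOS": "2.19.51",
    "WhatsApp Business for iOS": "2.19.51",
    "WhatsApp for Windows Phone": "2.18.348",
    "WhatsApp for Tizen": "2.18.15",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'v2.19.134' -> (2, 19, 134).  Integer tuples compare component-wise;
    raw strings do not ('2.19.9' sorts after '2.19.134' because '9' > '1')."""
    text = text.strip()
    if text[:1] in ("v", "V"):
        text = text[1:]
    parts = text.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, version: str) -> bool:
    """True when the installed version is strictly older than the fixed build."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no advisory data for product {product!r}")
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Device ids (from (id, product, version) triples) still running an affected build."""
    return [dev for dev, product, version in inventory if is_vulnerable(product, version)]


def string_compare_gets_it_wrong() -> bool:
    """The pitfall: plain string order claims 2.19.9 is NOT older than 2.19.134."""
    return "2.19.9" < "2.19.134"


# Constructed sample inventory (device id, product, installed version).
# The device ids are made up; the products are the advisory's.
INVENTORY = [
    ("phone-01", "WhatsApp for Android", "2.19.9"),        # older than 2.19.134
    ("phone-02", "WhatsApp for Android", "2.19.134"),      # exactly the fixed build
    ("phone-03", "WhatsApp Business for Android", "2.19.44"),
    ("phone-04", "WhatsApp for iOS", "v2.19.50"),          # one build short
    ("phone-05", "WhatsApp for iOS", "2.19.51"),
    ("phone-06", "WhatsApp for Windows Phone", "2.18.347"),
    ("phone-07", "WhatsApp for Tizen", "2.18.15"),
]

if __name__ == "__main__":
    print("still vulnerable:", triage(INVENTORY))
```

Unknown products raise rather than silently passing, so a new platform in the inventory export shows up as an error instead of as "patched".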
signal.org mentions that Snowden and Laura Poitras recommend:
signal.org Messenger (Open Whisper Systems) (they now even have a desktop version with official .deb packages for Debian/Ubuntu, but you can also install Signal Messenger on Fedora/RedHat/CentOS 7 like this)
Signal seemed to be “independent”, and the ownership history is easy to get wrong: what Moxie Marlinspike sold to Twitter (in 2011, for an undisclosed amount of money) was his earlier company Whisper Systems, not Signal. He later left Twitter and founded Open Whisper Systems as an independent open-source project, which is where Signal comes from. So the Twitter episode is a historical footnote rather than a sign of current ownership; Wikipedia's account reads as follows:
“During an interview with The New Yorker in October 2014, he recommended using “anything from Moxie Marlinspike and Open Whisper Systems”.[54] During a remote appearance at an event hosted by Ryerson University and Canadian Journalists for Free Expression in March 2015, Snowden said that Signal is “very good” and that he knew the security model.[55] Asked about encrypted messaging apps during a Reddit AMA in May 2015, he recommended “Signal for iOS, Redphone/TextSecure for Android”.[56][57] In November 2015, Snowden tweeted that he used Signal “every day”.[58]”
(src: https://en.wikipedia.org/wiki/Signal_Messenger#Reception)
I use Signal every day. #notesforFBI (Spoiler: they already know) https://t.co/KNy0xppsN0
— Edward Snowden (@Snowden) November 2, 2015
Even if Moxie Marlinspike left Twitter to, again, form a company with a
“Whisper Systems was an enterprise mobile security company that was co-founded by security researcher Moxie Marlinspike and roboticist Stuart Anderson in 2010.[1] The company was acquired by Twitter in November 2011.[2][3][4]
Some of the company’s software products were released under free software licenses after the acquisition,[5] which led to the creation of an independent organization called Open Whisper Systems.[6]” (src: Wikipedia.org)
“Marlinspike later left Twitter and founded Open Whisper Systems as a collaborative open source project for the continued development of TextSecure and RedPhone.[19][20]”
2011: “Twitter acquired the company that makes TextSecure, Whisper Systems”
“In countries where governments have more strict control over wireless networks, Whisper Systems’ apps have been extremely helpful to dissidents wanting to communicate and organize securely.” (src: 2011: mashable.com)
- RedPhone: A stand-alone application for encrypted voice calling on Android. RedPhone integrated with the system dialer to make calls, but used ZRTP to set up an end-to-end encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and used push notifications to preserve the user’s device’s battery life while still remaining responsive.[81] RedPhone was merged into TextSecure on November 2, 2015.[37] TextSecure was then renamed as Signal for Android.[37] RedPhone’s source code was available under the GPLv3 license.[81]
- TextSecure: A stand-alone application for encrypted messaging on Android.[82][83] TextSecure could be used to send and receive SMS, MMS, and instant messages.[84] It used end-to-end encryption with forward secrecy and deniable authentication to secure all instant messages to other TextSecure users.[60][83][85][86] TextSecure was merged with RedPhone to become Signal for Android,[37] but lost its ability to encrypt SMS. The source code is available under the GPLv3 license.[82]
0day “In the Wild”

Last updated: 2019-05-15

This spreadsheet is used to track cases of zero-day exploits that were detected “in the wild”. This means the vulnerability was detected in real attacks against users as a zero-day vulnerability (i.e. not known to the public or the vendor at the time of detection). This data is collected from a range of public sources. We include relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does not mean we endorse or validate the content there.

An introduction to this spreadsheet is available on the Project Zero blog: https://googleprojectzero.blogspot.com/p/0day.html

Some additional notes on how the data is processed:

- Scope for inclusion: there are some 0day exploits (such as CVE-2017-12824) in areas that aren’t active research targets for Project Zero. Generally this list includes targets that Project Zero has previously investigated (i.e. there are bug reports in our issue tracker) or will investigate in the near future.
- Security supported: this list does not include exploits for software that is explicitly EOL at the time of discovery (such as the ExplodingCan exploit for IIS on Windows Server 2003, surfaced in 2017).
- Post-disclosure: this list does not include CVEs that were opportunistically exploited by attackers in the gap between public disclosure (or “full disclosure”) and a patch becoming available to users (such as CVE-2015-0072, CVE-2018-8414 or CVE-2018-8440).
- Reasonable inference: this list includes exploits that were not discovered in an active breach, but were leaked or discovered in a form that suggests with high confidence that they were probably used “in the wild” at some point (e.g. Equation Group and Hacking Team leaks).
- Date resolution: we only set the date of discovery when the reporter specifies one. If a discovery is indicated as being made in “late April” or “early March”, we record that as if no date was provided.
- Attribution: generally the “claimed attribution” column refers to the attack team that is reportedly using the exploit, but in some cases it can refer to the supplier of the exploit (c.f. HackingTeam, NSO Group, Exodus Intel) if no other information is available.
- Time range: data collection starts from the day we announced Project Zero, July 15, 2014.

For additions, corrections, questions, or comments, please contact 0day-in-the-wild@google.com
(The sheet's Advisory, Analysis URL and Claimed Attribution URL columns are hyperlinks that did not survive the copy and are omitted below; “???” is the sheet's own marker for an unknown value.)

| CVE | Vendor | Product | Type | Description | Date Discovered | Date Patched | Claimed Attribution |
|---|---|---|---|---|---|---|---|
| CVE-2019-3568 | Facebook | WhatsApp | Memory Corruption | Buffer overflow in SRTCP packets | ??? | 2019-05-13 | NSO Group |
| CVE-2019-0803 | Microsoft | Windows | Memory Corruption | Unspecified memory corruption in win32k | ??? | 2019-04-09 | ??? |
| CVE-2019-0859 | Microsoft | Windows | Memory Corruption | Use-after-free in CreateWindowEx | 2019-03-17 | 2019-04-09 | ??? |
| CVE-2019-0703 | Microsoft | Windows | Information Leak | Unspecified information leak vulnerability in SMB | ??? | 2019-03-12 | APT3/Buckeye |
| CVE-2019-0808 | Microsoft | Windows | Memory Corruption | NULL pointer dereference in win32k!xxxMNFindWindowFromPoint | ??? | 2019-03-12 | ??? |
| CVE-2019-0797 | Microsoft | Windows | Memory Corruption | Race condition in NtDCompositionDestroyConnection | 2019-02-22 | 2019-03-12 | FruityArmor/Stealth Falcon, and Sandcat |
| CVE-2019-5786 | Google | Chrome | Memory Corruption | Use-after-free in FileReader | ??? | 2019-03-01 | ??? |
| CVE-2019-0676 | Microsoft | Internet Explorer | Information Leak | Unspecified information leak vulnerability | ??? | 2019-02-12 | ??? |
| CVE-2019-7286 | Apple | iOS | Memory Corruption | Use-after-free in CFPrefsDaemon | ??? | 2019-02-07 | ??? |
| CVE-2019-7287 | Apple | iOS | Memory Corruption | Buffer overflow in ProvInfoIOKitUserClient | ??? | 2019-02-07 | ??? |
| CVE-2018-8653 | Microsoft | Internet Explorer | Memory Corruption | Use-after-free in Enumerator | ??? | 2018-12-19 | ??? |
| CVE-2018-8611 | Microsoft | Windows | Memory Corruption | Race condition in kernel transaction manager | 2018-10-29 | 2018-12-11 | FruityArmor/Stealth Falcon, and Sandcat |
| CVE-2018-15982 | Adobe | Flash | Memory Corruption | Use-after-free in TVSDK Metadata | 2018-11-29 | 2018-12-05 | ??? |
| CVE-2018-8589 | Microsoft | Windows | Memory Corruption | Race condition in win32k!xxxMoveWindow | 2018-10-17 | 2018-11-13 | FruityArmor/Stealth Falcon, and Sandcat |
| CVE-2018-8453 | Microsoft | Windows | Memory Corruption | Use-after-free in win32kfull!xxxDestroyWindow | 2018-08-17 | 2018-10-09 | FruityArmor/Stealth Falcon |
| CVE-2018-8373 | Microsoft | VBScript | Memory Corruption | Use-after-free in VBScript AssignVar | 2018-07-11 | 2018-08-14 | ??? |
| CVE-2018-5002 | Adobe | Flash | Memory Corruption | Out-of-bounds read/write in AVM li8 opcode | ??? | 2018-06-07 | FruityArmor/Stealth Falcon |
| CVE-2018-4990 | Adobe | Reader | Memory Corruption | Out-of-bounds free in JPEG2000 CMAP | ??? | 2018-05-14 | ??? |
| CVE-2018-8120 | Microsoft | Windows | Memory Corruption | NULL pointer dereference in NtUserSetImeInfoEx | ??? | 2018-05-08 | ??? |
| CVE-2018-8174 | Microsoft | VBScript | Memory Corruption | Use-after-free in VBScriptClass::Release | ??? | 2018-05-08 | ??? |
| CVE-2018-4878 | Adobe | Flash | Memory Corruption | Use-after-free in MediaPlayer DRM Listener | ??? | 2018-02-06 | ScarCruft/APT37/Reaper |
| CVE-2018-0802 | Microsoft | Office | Memory Corruption | Buffer overflow in equation editor lfFaceName | ??? | 2018-01-09 | ??? |
| CVE-2017-11292 | Adobe | Flash | Memory Corruption | Type confusion in TVSDK BufferControlParameters | 2017-10-10 | 2017-10-16 | BlackOasis |
| CVE-2017-11826 | Microsoft | Office | Memory Corruption | Memory corruption in Open XML format nested tags | 2017-09-28 | 2017-10-10 | ??? |
| CVE-2017-8759 | Microsoft | Office | Logic/Design Flaw | Code injection in SOAP WSDL parser | ??? | 2017-09-12 | BlackOasis |
| CVE-2017-8464 | Microsoft | Windows | Logic/Design Flaw | Code injection in LNK file ExtraData parsing | ??? | 2017-06-13 | ??? |
| CVE-2017-8543 | Microsoft | Windows | Memory Corruption | Buffer overflow in Windows Search CTableVariant | ??? | 2017-06-13 | ??? |
| CVE-2017-0261 | Microsoft | Office | Memory Corruption | Use-after-free in EPS restore operator | ??? | 2017-05-09 | Turla |
| CVE-2017-0262 | Microsoft | Office | Memory Corruption | Type confusion in EPS forall operator | ??? | 2017-05-09 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2017-0263 | Microsoft | Windows | Memory Corruption | Use-after-free in win32k!xxxDestroyWindow | ??? | 2017-05-09 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2017-0222 | Microsoft | Internet Explorer | Memory Corruption | Unspecified memory corruption in Internet Explorer | ??? | 2017-05-09 | ??? |
| CVE-2017-8291 | Ghostscript | Ghostscript | Memory Corruption | Type confusion in rsdparams internal operator | ??? | 2017-04-27 | ??? |
| CVE-2017-0210 | Microsoft | Internet Explorer | UXSS | UXSS in htmlFile ActiveX control | ??? | 2017-04-11 | ??? |
| CVE-2017-0199 | Microsoft | Office | Logic/Design Flaw | Logic/design flaw in embedded HTA documents | ??? | 2017-04-11 | ??? (FINSPY/LatentBot) |
| CVE-2017-1274 | IBM | Domino | Memory Corruption | Buffer overflow in IMAP EXAMINE (EmphasisMine) | ??? | 2017-03-20 | Equation Group |
| CVE-2017-3881 | Cisco | IOS | Memory Corruption | Buffer overflow in IOS Cluster Management Protocol | ??? | 2017-03-17 | Vault 7 |
| CVE-2017-0149 | Microsoft | Internet Explorer | Memory Corruption | Memory corruption in VBScript rtJoin | ??? | 2017-03-14 | ??? |
| CVE-2017-0022 | Microsoft | XML Core Services | Information Leak | Information leak in MSXML version resource | ??? | 2017-03-14 | AdGholas/Neutrino |
| CVE-2017-0005 | Microsoft | Windows | Memory Corruption | Unspecified memory corruption in GDI | ??? | 2017-03-14 | ZIRCONIUM/APT31 |
| CVE-2017-0143 | Microsoft | Windows | Memory Corruption | Type confusion in SMB messages (EternalSynergy) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0144 | Microsoft | Windows | Memory Corruption | Buffer overflow in SMB File Extended Attributes (EternalBlue) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0145 | Microsoft | Windows | Memory Corruption | Unspecified type confusion in SMB (EternalRomance) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0146 | Microsoft | Windows | Memory Corruption | Race condition in SMB transactions (EternalChampion) | ??? | 2017-03-14 | Equation Group |
| CVE-2017-0147 | Microsoft | Windows | Information Leak | Information leak in SMB transactions (EternalChampion) | ??? | 2017-03-14 | Equation Group |
| CVE-2016-7892 | Adobe | Flash | Memory Corruption | Unspecified use-after-free issue | ??? | 2016-12-13 | ??? |
| CVE-2016-9079 | Mozilla | Firefox | Memory Corruption | Use-after-free in SVG Animation (Tor exploit) | 2016-11-29 | 2016-11-30 | Exodus Intel |
| CVE-2016-7256 | Microsoft | Windows | Memory Corruption | Memory corruption on OpenType fonts CFF name index | ??? | 2016-11-08 | ??? |
| CVE-2016-7255 | Microsoft | Windows Kernel | Memory Corruption | Memory corruption in NtUserSetWindowLongPtr | 2016-10-21 | 2016-11-08 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2016-7855 | Adobe | Flash | Memory Corruption | Unspecified use-after-free issue | 2016-10-21 | 2016-10-26 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2016-5195 | Linux | Kernel | Memory Corruption | Race condition in copy-on-write (DirtyCOW) | ??? | 2016-10-18 | ??? |
| CVE-2016-3298 | Microsoft | Internet Explorer | Information Leak | Information leak in Microsoft.XMLDOM | ??? | 2016-10-11 | AdGholas/Neutrino |
| CVE-2016-3393 | Microsoft | Windows | Memory Corruption | Memory corruption in TTF cjComputeGLYPHSET_MSFT_GENERAL | ??? | 2016-10-11 | FruityArmor/Stealth Falcon |
| CVE-2016-7193 | Microsoft | Office | Memory Corruption | Memory corruption in \dfrxst | ??? | 2016-10-11 | ??? |
| CVE-2016-3351 | Microsoft | Internet Explorer | Information Leak | Information leak in a.mimeType | ??? | 2016-09-13 | AdGholas |
| CVE-2016-4655 | Apple | iOS | Information Leak | Information leak in kernel OSUnserializeBinary (Pegasus) | 2016-08-15 | 2016-08-25 | NSO Group |
| CVE-2016-4656 | Apple | iOS | Memory Corruption | Use-after-free in kernel OSUnserializeBinary (Pegasus) | 2016-08-15 | 2016-08-25 | NSO Group |
| CVE-2016-4657 | Apple | WebKit | Memory Corruption | Use-after-free in MarkedArgumentBuffer (Pegasus) | 2016-08-15 | 2016-08-25 | NSO Group |
| CVE-2016-6366 | Cisco | ASA | Memory Corruption | Buffer overflow in SNMP parsing (EXTRABACON) | 2016-08-15 | 2016-08-17 | Equation Group |
| CVE-2016-6367 | Cisco | ASA | Memory Corruption | Buffer overflow in CLI parsing (EPICBANANA) | 2016-08-15 | 2016-08-17 | Equation Group |
| CVE-2016-4171 | Adobe | Flash | Memory Corruption | Memory corruption in ExecPolicy metadata parsing | ??? | 2016-06-15 | ScarCruft/APT37/Reaper |
| CVE-2016-4117 | Adobe | Flash | Memory Corruption | Type confusion in tvsdk DeleteRangeTimelineOperation | 2016-05-08 | 2016-05-12 | BlackOasis |
| CVE-2016-0189 | Microsoft | Internet Explorer | Memory Corruption | Memory corruption in VBScript AccessArray | ??? | 2016-05-10 | ??? |
| CVE-2016-0162 | Microsoft | Internet Explorer | Information Leak | Unspecified file detection issue | ??? | 2016-04-12 | Stegano/Astrum |
| CVE-2016-0165 | Microsoft | Windows Kernel | Memory Corruption | Buffer overflow in RGNMEMOBJ::vCreate | ??? | 2016-04-12 | ??? |
| CVE-2016-0167 | Microsoft | Windows Kernel | Memory Corruption | Use-after-free in win32k!xxxMNDestroyHandler | 2016-03-08 | 2016-04-12 | FIN8 |
| CVE-2016-1019 | Adobe | Flash | Memory Corruption | Type confusion in FileReference | 2016-04-02 | 2016-04-07 | Magnitude |
| CVE-2016-1010 | Adobe | Flash | Memory Corruption | Buffer overflow in BitmapData.copyPixels | ??? | 2016-03-10 | ScarCruft/APT37/Reaper |
| CVE-2016-0984 | Adobe | Flash | Memory Corruption | Use-after-free in Sound.loadPCMFromByteArray | 2016-01-11 | 2016-02-09 | BlackOasis |
| CVE-2016-0034 | Microsoft | Silverlight | Memory Corruption | Memory corruption in BinaryReader | 2015-11-25 | 2016-01-12 | HackingTeam |
| CVE-2015-8651 | Adobe | Flash | Memory Corruption | Integer overflow in domainMemory | ??? | 2015-12-28 | Dark Hotel |
| CVE-2015-6175 | Microsoft | Windows Kernel | Memory Corruption | Memory corruption in gpuenergydrv.sys | ??? | 2015-12-08 | ??? |
| CVE-2015-4902 | Oracle | Java | Logic/Design Flaw | Click-to-play bypass | ??? | 2015-10-20 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-7645 | Adobe | Flash | Type Confusion | Type confusion in IExternalizable.writeExternal | 2015-10-13 | 2015-10-16 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-2546 | Microsoft | Windows Kernel | Memory Corruption | Use-after-free in xxxSendMessage (tagPOPUPMENU) | ??? | 2015-09-08 | ??? |
| CVE-2015-2545 | Microsoft | Office | Memory Corruption | Use-after-free in EPS forall operator | ??? | 2015-09-08 | ??? |
| CVE-2015-2502 | Microsoft | Internet Explorer | Memory Corruption | Use-after-free in CMarkup::ReparentTableSection | ??? | 2015-08-18 | ??? |
| CVE-2015-1642 | Microsoft | Office | Memory Corruption | Use-after-free in CTaskSymbol | 2015-02-27 | 2015-08-11 | ??? |
| CVE-2015-1769 | Microsoft | Windows | Logic/Design Flaw | Symbolic link attack in Mount Manager | ??? | 2015-08-11 | ??? |
| CVE-2015-2426 | Microsoft | Windows | Memory Corruption | OpenType Font Driver buffer overflow in ZwGdiAddFontMemResourceEx | 2015-07-05 | 2015-07-20 | HackingTeam |
| CVE-2015-5122 | Adobe | Flash | Use-after-free | Use-after-free in TextBlock | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-5123 | Adobe | Flash | Use-after-free | Use-after-free in BitmapData | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-2387 | Microsoft | Windows Kernel | Memory Corruption | ATMFD.DLL named escape memory corruption | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-2425 | Microsoft | Internet Explorer | Use-after-free | Use-after-free in MutationObserver | 2015-07-05 | 2015-07-14 | HackingTeam |
| CVE-2015-2424 | Microsoft | Office | Memory Corruption | Heap corruption in Forms.Image.1 | 2015-06-30 | 2015-07-14 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-2590 | Oracle | Java | Race Condition | Race condition in ObjectInputStream.readSerialData | ??? | 2015-07-14 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-5119 | Adobe | Flash | Use-after-free | Use-after-free in ByteArray ValueOf | 2015-07-05 | 2015-07-08 | HackingTeam |
| CVE-2015-3113 | Adobe | Flash | Memory Corruption | Buffer overflow in FLV media parsing | ??? | 2015-06-23 | APT3 |
| CVE-2015-2360 | Microsoft | Windows Kernel | Memory Corruption | Use-after-free on tagCLS object | ??? | 2015-06-09 | Duqu/Unit 8200 |
| CVE-2015-4495 | Mozilla | Firefox | Logic/Design Flaw | Same-origin policy bypass in PDF reader | 2015-08-05 | 2015-08-06 | ??? |
| CVE-2015-1701 | Microsoft | Windows Kernel | Logic/Design Flaw | CreateWindow callback validation error | 2015-04-18 | 2015-05-12 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-3043 | Adobe | Flash | Memory Corruption | Buffer overflow in FLV media parsing | 2015-04-13 | 2015-04-14 | APT28/Sofacy/Pawn Storm/Fancy Bear/Sednit/STRONTIUM/Tsar Team |
| CVE-2015-1641 | Microsoft | Office | Memory Corruption | Type confusion in SmartTag element | ??? | 2015-04-14 | ??? |
| CVE-2015-0071 | Microsoft | Internet Explorer | Information Leak | Out-of-bounds read in Js::JavascriptRegExpConstructor::SetProperty | ??? | 2015-02-10 | Codoso/APT19 |
| CVE-2015-0313 | Adobe | Flash | Use-after-free | Use-after-free in ByteArray::Clear | 2015-01-14 | 2015-02-05 | Hanjuan |
| CVE-2015-0311 | Adobe | Flash | Use-after-free | Use-after-free in ByteArray::UncompressViaZlibVariant | 2015-01-20 | 2015-01-27 | Angler |
| CVE-2015-0310 | Adobe | Flash | Information Leak | Out-of-bounds read in RegExp::exec | 2015-01-16 | 2015-01-22 | Angler |
| CVE-2015-0016 | Microsoft | Windows | Logic/Design Flaw | Improper path validation leads to IE sandbox escape | ??? | 2015-01-13 | ??? |
| CVE-2014-9163 | Adobe | Flash | Memory Corruption | Unspecified stack buffer overflow in Flash | ??? | 2014-12-09 | Codoso/APT19 |
| CVE-2014-6324 | Microsoft | Windows | Logic/Design Flaw | Logic/design flaw in Kerberos KDC allowing remote domain controller escalation of privilege | ??? | 2014-11-18 | ??? |
| CVE-2014-6352 | Microsoft | Office | Logic/Design Flaw | Logic/design flaw in Packager OLE class | ??? | 2014-11-11 | ??? |
| CVE-2014-4077 | Microsoft | Windows | Logic/Design Flaw | Unspecified sandbox escape vulnerability in IME (Japanese) | ??? | 2014-11-11 | ??? |
| CVE-2014-4113 | Microsoft | Windows | Memory Corruption | NULL pointer dereference in win32k!xxxHandleMenuMessages | ??? | 2014-10-14 | HURRICANE PANDA |
| CVE-2014-4148 | Microsoft | Windows | Memory Corruption | Unspecified memory corruption in TrueType fonts | ??? | 2014-10-14 | ??? |
| CVE-2014-8439 | Adobe | Flash | Memory Corruption | Unspecified memory corruption in Flash | ??? | 2014-10-14 | Angler |
| CVE-2014-4123 | Microsoft | Internet Explorer | Memory Corruption | Unspecified sandbox escape vulnerability | ??? | 2014-10-14 | ??? |
| CVE-2014-4114 | Microsoft | Office | Logic/Design Flaw | Logic/design flaw in Packager OLE class | ??? | 2014-10-14 | Sandworm/Black Energy |
| CVE-2014-0546 | Adobe | Reader | Logic/Design Flaw | Unspecified sandbox escape vulnerability | ??? | 2014-08-12 | Animal Farm |
| CVE-2014-2817 | Microsoft | Internet Explorer | Logic/Design Flaw | Sandbox escape in IIEAxInstallBrokerBrokerPtr | ??? | 2014-08-12 | ??? |