It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerabili…
This Metasploit module exploits a flaw in how the Equation Editor handles OLE objects in memory to execute arbitrary code using RTF files without interaction.
Source: Microsoft Office Equation Editor Code Execution
The post Microsoft Office Equation Ed…
Microsoft Edge Chakra JIT suffers from an incorrect function declaration scope.
Source: Microsoft Edge Chakra JIT Incorrect Function Declaration Scope
The post Microsoft Edge Chakra JIT Incorrect Function Declaration Scope appeared first on MondoUnix.
Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget_Shared does not return the return instruction.
Source: Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget_Shared Failed Return
The post Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget…
Microsoft Edge Chakra JIT GlobOpt::OptTagChecks must consider IsLoopPrePass properly.
Source: Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration
The post Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration appeare…
Microsoft Edge Chakra JIT BailOutOnTaggedValue bailouts can be generated for constant values.
Source: Microsoft Edge Chakra JIT BailOutOnTaggedValue Bailouts
The post Microsoft Edge Chakra JIT BailOutOnTaggedValue Bailouts appeared first on MondoUnix.
It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.
Source: Microsoft Wi…
It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.
Source: Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass
…
Microsoft Edge Chakra suffers from a JIT issue where bailouts must be generated for OP_Memset.
Source: Microsoft Edge Chakra JIT Bailout Generation
The post Microsoft Edge Chakra JIT Bailout Generation appeared first on MondoUnix.
Microsoft Edge Chakra suffers from a Jit related incorrect integer overflow check in Lowerer::LowerBoundCheck.
Source: Microsoft Edge Charka JIT Incorrect Check
The post Microsoft Edge Charka JIT Incorrect Check appeared first on MondoUnix.
