Google Security Research - Security Researcher - Exploit Intelligence Platform

CVE-2016-7240 EXPLOITDB HIGH html WORKING POC

Microsoft Edge < 1.2.2 - Memory Corruption

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.

CVSS 7.5

View Code

CVE-2016-7201 EXPLOITDB HIGH html WORKING POC

Microsoft Edge < 1.2.2 - Type Confusion

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

CVSS 8.8

View Code

CVE-2016-7202 EXPLOITDB HIGH html WORKING POC

Microsoft Edge < 1.2.2 - Memory Corruption

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

CVSS 7.5

View Code

CVE-2019-0612 EXPLOITDB MEDIUM text WORKING POC

Microsoft Edge - Auth Bypass

A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.

CVSS 5.3

View Code

EIP-2026-115637 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar

View Code

CVE-2016-7200 EXPLOITDB HIGH html WORKING POC

Microsoft Edge < 1.2.2 - Out-of-Bounds Write

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

CVSS 8.8

View Code

CVE-2019-1123 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

EIP-2026-115636 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes

View Code

CVE-2016-7189 EXPLOITDB HIGH html WORKING POC

Microsoft Edge < 1.2.1 - Memory Corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."

CVSS 7.5

View Code

CVE-2019-1118 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1119 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1127 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1117 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

EIP-2026-115635 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index

View Code

CVE-2016-7190 EXPLOITDB HIGH html WORKING POC

Microsoft Edge - Memory Corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.

CVSS 7.5

View Code

CVE-2016-7287 EXPLOITDB HIGH html WORKING POC

Microsoft Edge - Memory Corruption

The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

CVSS 7.5

View Code

CVE-2019-1124 EXPLOITDB HIGH text WRITEUP

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1121 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1120 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1122 EXPLOITDB HIGH text WRITEUP

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

EIP-2026-115632 EXPLOITDB text WRITEUP

Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW

View Code

EIP-2026-115630 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory

View Code

CVE-2019-1244 EXPLOITDB MEDIUM text WORKING POC

Microsoft Windows 10 - Information Disclosure

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.

CVSS 6.5

View Code

CVE-2019-1128 EXPLOITDB HIGH text WORKING POC

Microsoft DirectWrite - RCE

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.

CVSS 8.8

View Code

EIP-2026-115631 EXPLOITDB text WRITEUP

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding

View Code