Google Security Research

1,215 exploits Active since May 2013
CVE-2016-7202 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
CVSS 7.5
CVE-2016-7200 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
CVSS 8.8
CVE-2016-7203 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
CVSS 7.5
CVE-2019-1123 EXPLOITDB HIGH text WORKING POC
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
CVSS 8.8
EIP-2026-115636 EXPLOITDB text WORKING POC
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
CVE-2019-1118 EXPLOITDB HIGH text WORKING POC
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
CVSS 8.8
CVE-2017-8496 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
CVSS 7.5
EIP-2026-115632 EXPLOITDB text WRITEUP
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
EIP-2026-115634 EXPLOITDB text WRITEUP
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
CVE-2019-1124 EXPLOITDB HIGH text WRITEUP
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.
CVSS 8.8
CVE-2019-1121 EXPLOITDB HIGH text WORKING POC
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
CVSS 8.8
EIP-2026-115635 EXPLOITDB text WORKING POC
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
CVE-2017-8646 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
CVSS 7.5
CVE-2017-8657 EXPLOITDB HIGH javascript WORKING POC
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
CVSS 7.5
EIP-2026-115633 EXPLOITDB text WRITEUP
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
CVE-2018-0758 EXPLOITDB HIGH javascript WORKING POC
ChakraCore < 1.7.6 - Remote Code Execution via Memory Corruption
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
CVSS 7.5
CVE-2019-1119 EXPLOITDB HIGH text WORKING POC
Windows 10 and Windows Server 2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
CVSS 8.8
CVE-2019-1127 EXPLOITDB HIGH text WORKING POC
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.
CVSS 8.8
CVE-2019-1117 EXPLOITDB HIGH text WORKING POC
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
CVSS 8.8
CVE-2019-1122 EXPLOITDB HIGH text WRITEUP
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
CVSS 8.8
EIP-2026-115637 EXPLOITDB text WORKING POC
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
CVE-2016-7189 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
CVSS 7.5
CVE-2016-7190 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.
CVSS 7.5
CVE-2016-7240 EXPLOITDB HIGH html WORKING POC
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.
CVSS 7.5
CVE-2017-0061 EXPLOITDB MEDIUM text WORKING POC
Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1 - ASLR Bypass via ICM32.dll Memory Handling
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.
CVSS 5.3