Google Security Research - Security Researcher - Exploit Intelligence Platform

CVE-2018-0758 EXPLOITDB HIGH javascript WORKING POC

ChakraCore < 1.7.6 - Remote Code Execution via Memory Corruption

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.

CVSS 7.5

View Code

CVE-2018-0780 EXPLOITDB MEDIUM javascript WORKING POC

Microsoft Edge - Information Disclosure via Scripting Engine Memory Handling

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.

CVSS 5.3

View Code

CVE-2016-7200 EXPLOITDB HIGH html WORKING POC

Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

CVSS 8.8

View Code

EIP-2026-115637 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar

View Code

CVE-2016-7189 EXPLOITDB HIGH html WORKING POC

Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."

CVSS 7.5

View Code

CVE-2019-1123 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

EIP-2026-115636 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes

View Code

CVE-2016-7190 EXPLOITDB HIGH html WORKING POC

Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.

CVSS 7.5

View Code

CVE-2019-1118 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1119 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1127 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1117 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

EIP-2026-115635 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index

View Code

CVE-2016-7202 EXPLOITDB HIGH html WORKING POC

Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

CVSS 7.5

View Code

CVE-2019-1121 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1124 EXPLOITDB HIGH text WRITEUP

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

EIP-2026-115632 EXPLOITDB text WRITEUP

Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW

View Code

CVE-2019-1120 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

CVE-2019-1122 EXPLOITDB HIGH text WRITEUP

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

CVSS 8.8

View Code

EIP-2026-115633 EXPLOITDB text WRITEUP

Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table

View Code

EIP-2026-115630 EXPLOITDB text WORKING POC

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory

View Code

CVE-2019-1244 EXPLOITDB MEDIUM text WORKING POC

Windows 10 - Information Disclosure via DirectWrite Memory Handling

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.

CVSS 6.5

View Code

CVE-2019-1128 EXPLOITDB HIGH text WORKING POC

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.

CVSS 8.8

View Code

EIP-2026-115634 EXPLOITDB text WRITEUP

Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays

View Code

EIP-2026-115631 EXPLOITDB text WRITEUP

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding

View Code