Google Security Research

1,215 exploits Active since May 2013
EIP-2026-115511 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - Yoda's Protector Unpacking Memory Corruption
EIP-2026-115508 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - PE Unpacking Integer Overflow
EIP-2026-115505 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - Certificate Handling Directory Traversal
EIP-2026-115506 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - CHM Parsing Stack Buffer Overflow
CVE-2016-4535 EXPLOITDB HIGH text WORKING POC
McAfee LiveSafe 14.0 - Denial of Service via Crafted Packed Executable
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.
CVSS 7.5
EIP-2026-115507 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - ExeCryptor Parsing Memory Corruption
CVE-2019-1429 EXPLOITDB HIGH text WORKING POC
Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
CVSS 7.5
EIP-2026-115502 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - '.DEX' File Format Memory Corruption
EIP-2026-115503 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - '.DEX' File Format Parsing Memory Corruption
CVE-2018-0891 EXPLOITDB MEDIUM javascript WORKING POC
Internet Explorer - Information Disclosure via Scripting Engine Memory Handling
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.
CVSS 4.3
CVE-2017-0061 EXPLOITDB MEDIUM text WORKING POC
Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1 - ASLR Bypass via ICM32.dll Memory Handling
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.
CVSS 5.3
EIP-2026-115408 EXPLOITDB c WORKING POC
Hyper-V - 'vmswitch.sys' VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow
CVE-2017-5717 EXPLOITDB HIGH text WORKING POC
Intel Graphics Driver - Privilege Escalation
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
CVSS 7.8
EIP-2026-115504 EXPLOITDB text WRITEUP
Kaspersky AntiVirus - '.ZIP' File Format Use-After-Free
CVE-2017-0063 EXPLOITDB MEDIUM text WORKING POC
Windows Color Management Module - Information Disclosure via ICM32.dll Memory Handling
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.
CVSS 6.5
CVE-2018-8466 EXPLOITDB HIGH javascript WORKING POC
ChakraCore < 1.10.1 and 1.11.1 - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.
CVSS 7.5
CVE-2019-1245 EXPLOITDB MEDIUM text WORKING POC
Windows DirectWrite - Information Disclosure via Memory Exposure
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251.
CVSS 6.5
CVE-2019-8195 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Untrusted Pointer Dereference
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8024 EXPLOITDB CRITICAL text WRITEUP
Adobe Acrobat and Reader DC < 15.006.30499 and 15.008.20082-19.012.20036 - Use-After-Free
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2015-8635 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player < 18.0.0.324, 19.x-20.x < 20.0.0.267, AIR < 20.0.0.233 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
CVSS 8.8
CVE-2019-8196 EXPLOITDB CRITICAL text WRITEUP
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Untrusted Pointer Dereference
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8041 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 19.012.20036 - Out-of-bounds Write
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8050 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 19.012.20036 - Out-of-bounds Write
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8197 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Heap Overflow
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8
CVE-2019-8042 EXPLOITDB CRITICAL text WORKING POC
Adobe Acrobat and Reader DC < 19.012.20036 - Out-of-bounds Write
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS 9.8