Exodus Intel VRT

Foxit PhantomPDF extractPages Arbitrary File Write Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-a5cba843 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The extractPages method of the Document object does not properly validate the export path argument, allowing arbitrary files to be written...

Read More

Foxit PhantomPDF loadHtmlView Context Level Bypass Vulnerability

AUGUST 23, 2021

EIP-617871b4 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The loadHtmlView method of the app object invokes attacker-controlled JavaScript code in a privileged context. An attacker can create a specially...

Read More

Analysis of a Heap Buffer-Overflow Vulnerability in Microsoft Windows Address Book

AUGUST 5, 2021

By Eneko Cruz Elejalde Overview This post analyzes a heap-buffer overflow in Microsoft Windows Address Book. Microsoft released an advisory for this vulnerability for the 2021 February patch Tuesday. This post will go into...

Read More

Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC

APRIL 20, 2021

By Sergi Martinez This post analyses CVE-2020-9715, a use-after-free vulnerability affecting several versions of the Adobe Acrobat and Adobe Acrobat Reader products. The vulnerability was discovered by Mark Vincent Yason, who reported it to...

Read More

2021 Disclosure Policy

MARCH 17, 2021

It’s been a half-decade since we last updated our disclosure policy and it’s time for us to iterate on our policy again. As we detailed in our previous post, while there is inherent value...

Read More

Firefox Vulnerability Research Part 2

NOVEMBER 10, 2020

By Arthur Gerkis and David Barksdale This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it was known publicly, and then our N-Day customers after...

Read More

Firefox Vulnerability Research

OCTOBER 20, 2020

By Arthur Gerkis and David Barksdale This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it was known publicly, and then our N-Day customers after...

Read More

A EULOGY FOR PATCH-GAPPING CHROME

FEBRUARY 24, 2020

Authors: István Kurucsai and Vignesh S Rao In 2019 we looked at patch gapping Chrome on two separate occasions. The conclusion was that exploiting 1day vulnerabilities well before the fixes were distributed through the stable channel...

Read More

Patch-gapping Google Chrome

SEPTEMBER 9, 2019

Patch-gapping is the practice of exploiting vulnerabilities in open-source software that are already fixed (or are in the process of being fixed) by the developers before the actual patch is shipped to users. This...

Read More

Pwn2Own 2019: Microsoft Edge Sandbox Escape (CVE-2019-0938). Part 2

MAY 27, 2019

By Arthur Gerkis This is the second part of the blog post on the Microsoft Edge full-chain exploit. It provides analysis and describes exploitation of a logical vulnerability in the implementation of the Microsoft...

Read More