Shifting boundaries: Exploiting an Integer Overflow in Apple Safari
July 20, 2023
By Vignesh Rao Overview In this blog post, we describe a method to exploit an integer overflow in Apple WebKit due to a vulnerability resulting
Google Chrome V8 ArrayShift Race Condition Remote Code Execution
May 16, 2023
By Javier Jimenez Overview This post describes a method of exploiting a race condition in the V8 JavaScript engine, version 9.1.269.33. The vulnerability affects the following
Escaping Adobe Sandbox: Exploiting an Integer Overflow in Microsoft Windows Crypto Provider
April 6, 2023
By Michele Campa Overview We describe a method to exploit a Windows Nday vulnerability to escape the Adobe sandbox. This vulnerability is assigned CVE-2021-31199 and
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
December 19, 2022
By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe
Exploiting a use-after-free in Windows Common Logging File System (CLFS)
March 10, 2022
By Arav Garg Overview This post analyzes a use-after-free vulnerability in clfs.sys, the kernel driver that implements the Common Logging File System, a general-purpose logging
Analysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC
October 4, 2021
By Sergi Martinez In late June, we published a blog post containing analysis of exploitation of a heap-buffer overflow vulnerability in Adobe Reader, a vulnerability
Analysis of a Heap Buffer-Overflow Vulnerability in Microsoft Windows Address Book
August 5, 2021
By Eneko Cruz Elejalde Overview This post analyzes a heap-buffer overflow in Microsoft Windows Address Book. Microsoft released an advisory for this vulnerability for the
Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC
April 20, 2021
By Sergi Martinez This post analyses CVE-2020-9715, a use-after-free vulnerability affecting several versions of the Adobe Acrobat and Adobe Acrobat Reader products. The vulnerability was
Firefox Vulnerability Research Part 2
November 10, 2020
By Arthur Gerkis and David Barksdale This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it
Firefox Vulnerability Research
October 20, 2020
By Arthur Gerkis and David Barksdale This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it