By Eneko Cruz Elejalde Overview This post analyzes a heap-buffer overflow in Microsoft Windows Address Book. Microsoft released an advisory for this vulnerability for the
By Sergi Martinez This post analyses CVE-2020-9715, a use-after-free vulnerability affecting several versions of the Adobe Acrobat and Adobe Acrobat Reader products. The vulnerability was
By Arthur Gerkis and David Barksdale This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it
By Arthur Gerkis and David Barksdale This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it
Authors: István Kurucsai and Vignesh S Rao In 2019 we looked at patch gapping Chrome on two separate occasions. The conclusion was that exploiting 1day vulnerabilities well
Patch-gapping is the practice of exploiting vulnerabilities in open-source software that are already fixed (or are in the process of being fixed) by the developers
By Arthur Gerkis This is the second part of the blog post on the Microsoft Edge full-chain exploit. It provides analysis and describes exploitation of
By Arthur Gerkis This year Exodus Intelligence participated in the Pwn2Own competition in Vancouver. The chosen target was the Microsoft Edge browser and a full-chain
This post explores a recently patched Win32k vulnerability (CVE-2019-0808) that was used in the wild with CVE-2019-5786 to provide a full Google Chrome sandbox escape
This post explores the possibility of developing a working exploit for a vulnerability already patched in the v8 source tree before the fix makes it