Keen Team
CVE List


Note: This CVE list includes only part of the high-risk vulnerabilities Keen Team has discovered. Medium- and low-risk vulnerabilities are not included.

CVE-2006-7222
Media Player Classic FLI File Processing Buffer Overflow
http://www.securityfocus.com/bid/25437

CVE-2007-2931
MSN Messenger Video Conversation Buffer Overflow Vulnerability
http://www.microsoft.com/technet/security/Bulletin/MS07-054.mspx

CVE-2007-0071
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier
http://www.securityfocus.com/bid/28695

CVE-2008-1091
Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx

CVE-2008-3471
Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS08-057.mspx

CVE-2008-5021
Crash and remote code execution in nsFrameManager
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html

CVE-2008-4027
Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-084/

CVE-2008-4028
Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx

CVE-2008-4837
Microsoft Office Word Document Table Property Stack Overflow Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx

CVE-2009-1130
Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx

CVE-2009-1690
MULTIPLE VENDOR WEBKIT ERROR HANDLING USE AFTER FREE VULNERABILITY
http://support.apple.com/kb/ht3613

CVE-2009-0563
Microsoft Word Document Stack Based Buffer Overflow Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS09-027.mspx

CVE-2009-1530
Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-038/

CVE-2009-1531
Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-039/

CVE-2009-1918
Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-047/

CVE-2009-1133
Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-057/

CVE-2009-1920
Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-062/

CVE-2009-2502
MICROSOFT WINDOWS GDI+ TIFF FILE PARSING BUFFER OVERFLOW VULNERABILITY
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx

CVE-2010-0244
Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-011/

CVE-2010-0491
MICROSOFT INTERNET EXPLORER 'ONREADYSTATECHANGE' USE AFTER FREE VULNERABILITY
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

CVE-2010-0047
Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-029/

CVE-2010-0053
Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-030/

CVE-2010-0050
Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-031/

CVE-2010-0048
Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-146/

CVE-2010-0049
Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-152/

CVE-2010-1119
Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-091/

CVE-2010-1392
Apple Webkit Button First-Letter Style Rendering Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-154/

CVE-2010-1396
Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-092/

CVE-2010-1397
Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-095/

CVE-2010-1398
Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-097/

CVE-2010-1399
Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-094/

CVE-2010-1400
MULTIPLE VENDOR WEBKIT HTML CAPTION USE AFTER FREE VULNERABILITY
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=870

CVE-2010-1401
Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-098/

CVE-2010-1402
Apple Webkit ConditionEventListener Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-100/

CVE-2010-1403
Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-099/

CVE-2010-1404
Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-096/

CVE-2010-1665
Apple Webkit WebCore::FontFallbackList::determinePitch memory corruption
https://code.google.com/p/chromium/issues/detail?id=42294

CVE-2010-1749
Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-101/

CVE-2010-1770
Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-093/

CVE-2010-2297
Table layout crash bug from wushi
https://code.google.com/p/chromium/issues/detail?id=42723

CVE-2010-0183
Firefox Use-after-free error in nsCycleCollector::MarkRoots()
http://www.mozilla.org/security/announce/2010/mfsa2010-27.html

CVE-2010-1786
Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-141/

CVE-2010-1785
Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-142/

CVE-2010-1784
Apple Webkit Rendering Counter Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-144/

CVE-2010-1787
Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-153/

CVE-2010-1900
Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-150/

CVE-2010-1901
MICROSOFT OFFICE RTF PARSING ENGINE MEMORY CORRUPTION VULNERABILITY
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=877

CVE-2010-1902
MICROSOFT WORD RTF FILE PARSING HEAP BUFFER OVERFLOW VULNERABILITY
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=876

CVE-2010-3113
WebKit Security issue in SVGUseElement::buildShadowTree
http://www.securityfocus.com/bid/44199

CVE-2010-3114
WebKit Memory corruption with invalid text node cast for edit commands
https://code.google.com/p/chromium/issues/detail?id=49628

CVE-2010-3166
Firefox Heap buffer overflow in nsTextFrameUtils::TransformText
http://www.mozilla.org/security/announce/2010/mfsa2010-53.html

CVE-2010-1806
Apple Safari Webkit Runin Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-170/

CVE-2010-1822
Webkit Bad cast with svg:g element
https://code.google.com/p/chromium/issues/detail?id=55114

CVE-2010-1824
Apple Webkit Error Message Mutation Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-095/

CVE-2010-4198
Webkit Memory corruption in accessing floatptr of a textarea
https://code.google.com/p/chromium/issues/detail?id=55257

CVE-2010-4206
chrome_55000000!WebCore::FEBlend::apply Memory corruption
https://code.google.com/p/chromium/issues/detail?id=60688

CVE-2010-3333
MICROSOFT WORD RTF FILE PARSING STACK BUFFER OVERFLOW VULNERABILITY
http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx

CVE-2010-3808
WebKit invalid cast issue exists in editing commands
http://support.apple.com/kb/HT4455

CVE-2010-3824
WebKit's handling "use" elements in SVG documents
http://support.apple.com/kb/HT4455

CVE-2010-3772
Firefox Crash and remote code execution using HTML tags inside a XUL tree
http://www.mozilla.org/security/announce/2010/mfsa2010-77.html

CVE-2011-1118
WebKit Security:WebCore::HTMLTextAreaElement::updateValue
https://code.google.com/p/chromium/issues/detail?id=71388

CVE-2011-1117
WebKit Stale nodes in Document::recalcStyleSelector
https://code.google.com/p/chromium/issues/detail?id=71386

CVE-2011-1448
WebKit stale entries in gPercentHeightDescendantsMap
https://code.google.com/p/chromium/issues/detail?id=77130

CVE-2010-1823
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-0233
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-0234
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-0237
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-0240
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-1117
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-1449
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-1453
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-1462
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-1797
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-3438
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT4808

CVE-2011-2135
ADOBE FLASH PLAYER ACTIONSCRIPT DISPLAY MEMORY CORRUPTION VULNERABILITY
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=935

CVE-2011-2825
Webkit fontface Invalid Font Family Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-054/

CVE-2011-2855
MULTIPLE VENDOR WEBKIT SVG ELEMENT USE AFTER FREE VULNERABILITY
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=971

CVE-2011-3928
Webkit.org Webkit copyNonAttributeProperties Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-055/

CVE-2011-3035
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT5400

CVE-2012-0634
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT5191

CVE-2012-0472
Firefox Potential memory corruption during font rendering using cairo-dwrite
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html

CVE-2012-1521
WebKit Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

CVE-2012-2034
ADOBE FLASH PLAYER ACTIONSCRIPT DISPLAYOBJECT LAYOUT MEMORY CORRUPTION VULNERABILITY
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=987

CVE-2012-3683
APPLE SAFARI RENDERBOX INLINEBOX TYPE CONFUSION VULNERABILITY
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=998

CVE-2013-0961
WebKit Heap Corruption Vulnerability
http://support.apple.com/kb/HT5671

On November 13 we pwned iOS 7.0.3 at Mobile Pwn2Own 2013 in Tokyo; details of the security vulnerabilities involved and their exploitation analysis will be published after the vendor has fixed them. Follow the Keen Team (碁震安全研究团队) WeChat official account KeenTeam and the Weibo account @KeenTeam.

On Nov 13th 2013, at Mobile Pwn2Own 2013 in Tokyo, KeenTeam successfully exploited Apple iOS 7.0.3 Safari within 30 seconds and won the hacking contest. For more detailed information, please follow our Twitter @K33NTEAM.

Copyright © 2015 KeenTeam. All rights reserved. 沪ICP备12003057号-7