JScript Error Object Use-After-Free Vulnerability : CVE-2018-8267

A zero-day vulnerability in the JScript has been disclosed to Microsoft. CVE-2018-8267 has been assigned to track this vulnerability. Microsoft has accepted the disclosure, the advisory addressing the issue has been released. It is a use-after-free vulnerability in Windows JScript, the vulnerability is due to improper handling of error objects by JScript. Upon successful exploitation an attacker can gain … Continue reading “JScript Error Object Use-After-Free Vulnerability : CVE-2018-8267”

Adobe Reader Double Free Vulnerability : CVE-2018-4990

A double free vulnerability in Adobe Reader was disclosed. CVE-2018-4990 has been assigned to track this vulnerability. Upon successful exploitation an attacker can achieve arbitrary code execution. The vulnerability has been exploited in the wild via crafted pdf document. Adobe has released APSB18-09 to address this vulnerability. Please check the advisory for the list of affected … Continue reading “Adobe Reader Double Free Vulnerability : CVE-2018-4990”