Security Advisories

Software flaws found by Krash Consulting

Krash Consulting is tasked with the investigation of software packages to find new flaws. Once found, we work with the software owner to get the flaw registered (CVEs), and then we assist with the quickest resolution possible by providing detailed technical information, including proof of concept code.

This list of advisories provides insight into the specific vulnerabilities reported.

  • 2017
    Google Chrome – Use after free in WebAudio (CVE-2017-5129)

    Read the advisory

    Google Chrome – Heap overflow in WebGL (CVE-2017-5128)

    Read the advisory

    Firefox – Buffer overflow when drawing and validating elements with ANGLE (CVE-2017-7824)

    Read the advisory

  • 2015
    Google Chrome – Out of bounds read in webGL (CVE-2015-1240)

    Read the advisory

    Internet Explorer 11 – CSVGMarkerElement Use-After-Free (CVE-2015-1668)

    Read the advisory

    Internet Explorer 11 – SVG Marker Use-After-Free (CVE-2015-0043)

    Read the advisory

    Internet Explorer 11 – SVG Marker Use-After-Free (CVE-2015-0042)

    Read the advisory

  • 2014
    Internet Explorer 11 – Cell Resizing (CVE-2014-4128)

    Read the advisory

    Internet Explorer 11 – CSVGSVGElement Use-After-Free (CVE-2014-6354)

    Read the advisory

    Internet Explorer 11 – CElement (CVE-2014-4145)

    Read the advisory

    Internet Explorer 11 – first-letter Use-After-Free (CVE-2014-4050)

    Read the advisory

    Internet Explorer 11 – Memory Corruption (CVE-2014-1772)

    Read the advisory

    Internet Explorer 11 – Microsoft IE CSS Property / Unicode Character Handling Heap Buffer Overflow (CVE-2014-0313)

    Read the advisory

    Microsoft Windows Direct2D Crafted 2D Geometric Figure Handling Memory Corruption (CVE-2014-0263)

    Read the advisory

  • 2010
    Excel File Format Parsing Vulnerability (CVE-2010-3232)

    Read the advisory

    RealPlayer RealMedia Memory Heap Corruption Vulnerability (CVE-2010-4386)

    Read the advisory

    RealPlayer RealAudio Codec Memory Corruption Vulnerability (CVE-2010-4387)

    Read the advisory

  • In the News
    SANS (Dec, 2011) – New Vulnerability in Windows 7 64 bit

    Read the advisory

    Slashdot(Dec, 2011) – New Remote Flaw In 64-Bit Windows 7

    Read the advisory

    ZDNet (Nov, 2010)- Attack code published for unpatched Stuxnet vulnerability

    Read the advisory