Acknowledgments - 2016 (original) (raw)
December 2016
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Win32k Elevation of Privilege Vulnerability
Behzad Najjarpour Jabbari, Secunia Research at Flexera Software
Win32k Elevation of Privilege Vulnerability
Sébastien Renaud of Quarkslab
Win32k Elevation of Privilege Vulnerability
Richard Le Dé of Quarkslab
Win32k Elevation of Privilege Vulnerability
Jfpan of IceSword Lab, Qihoo 360
Win32k Elevation of Privilege Vulnerability
Fanxiaocao of IceSword Lab, Qihoo 360
Windows Crypto Driver Information Disclosure Vulnerability
Taesoo Kim of SSLab, Georgia Institue of Technology
Windows Crypto Driver Information Disclosure Vulnerability
Su Yong Kim of SSLab, Georgia Institue of Technology
Windows Crypto Driver Information Disclosure Vulnerability
Sangho Lee of SSLab, Georgia Institue of Technology
Windows Crypto Driver Information Disclosure Vulnerability
Byoungyoung Lee of SSLab, Georgia Institue of Technology
Windows Installer Elevation of Privilege Vulnerability
Thomas Vanhoutte (@SandboxEscaper)
Windows GDI Information Disclosure Vulnerability
Steven Vittitoe of Google Project Zero
Microsoft Office Security Feature Bypass Vulnerability
Iliyan Velikov of PwC UK
Microsoft Office Memory Corruption Vulnerability
JChen of Palo Alto Networks
Microsoft Office Information Disclosure Vulnerability
Microsoft Office Information Disclosure Vulnerability
Steven Seeley of Source Incite
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
Haifei Li of Intel Security
Microsoft Office Information Disclosure Vulnerability
Microsoft Office OLE DLL Side Loading Vulnerability
Weibo Wang of Qihoo 360 Skyeye Labs
Microsoft Office Information Disclosure Vulnerability
Steven Vittitoe of Google Project Zero
Microsoft Office Memory Corruption Vulnerability
Jaanus Kääp of Clarified Security
Microsoft Office Memory Corruption Vulnerability
Peixue Li of Fortinet’s FortiGuard Labs
Microsoft Office Information Disclosure Vulnerability
Steven Seeley of Source Incite
Microsoft Office Information Disclosure Vulnerability
Steven Seeley of Source Incite
Defense-in-depth
-------------------
Steven Seeley of Source Incite
Defense-in-depth
-------------------
Windows Uniscribe Remote Code Execution Vulnerability
Hossein Lotfi, Secunia Research at Flexera Software
Windows GDI Information Disclosure Vulnerability
Steven Vittitoe of Google Project Zero
Windows Graphics Remote Code Execution Vulnerability
Giwan Go of STEALIEN, working with Trend Micro’s Zero Day Initiative (ZDI)
Defense-in-depth
-------------------
Henry Li (zenhumany) of Trend Micro
Microsoft Browser Memory Corruption Vulnerability
Veit Hailperin (@fenceposterror) of scip AG
Microsoft Browser Memory Corruption Vulnerability
The UK's National Cyber Security Centre (NCSC)
Microsoft Browser Information Disclosure Vulnerability
Masato Kinugawa of Cure53
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Linan Hao of Qihoo 360 Vulcan Team working with POC/PwnFest
Scripting Engine Memory Corruption Vulnerability
Lokihart working with POC/PwnFest
Scripting Engine Memory Corruption Vulnerability
Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Scott Bell of Security-Assessment.com
Windows Hyperlink Object Library Information Disclosure Vulnerability
Steven Seeley of Source Incite
Microsoft Browser Memory Corruption Vulnerability
The UK's National Cyber Security Centre (NCSC)
Microsoft Browser Memory Corruption Vulnerability
Scott Bell of Security-Assessment.com
Internet Explorer Information Disclosure Vulnerability
Li Kemeng of Baidu Security Lab
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Microsoft Browser Memory Corruption Vulnerability
November 2016
Microsoft Browser Memory Corruption Vulnerability
Kai Song of Tencent’s Xuanwu LAB
Microsoft Browser Memory Corruption Vulnerability
Liu Long of Qihoo 360
Microsoft Browser Information Disclosure Vulnerability
Masato Kinugawa of Cure53
Microsoft Browser Information Disclosure Vulnerability
Masato Kinugawa via Google VRP
Microsoft Browser Remote Code Execution Vulnerability
Natalie Silvanovich of Google Project Zero
Defense-in-depth
-------------------
John Page of ApparitionSec
Windows Kernel Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Windows Kernel Elevation of Privilege Vulnerability
Mateusz Jurczyk of Google Project Zero
VHDFS Driver Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
VHDFS Driver Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
VHDFS Driver Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
VHDFS Driver Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Local Security Authority Subsystem Service Denial of Service Vulnerability
Laurent Gaffie
SQL RDBMS Engine Elevation of Privilege Vulnerability
Scott Sutherland of netSPI
Win32k Information Disclosure Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Win32k Elevation of Privilege Vulnerability
bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
Bowser.sys Information Disclosure Vulnerabilty
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Win32k Elevation of Privilege
Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)
Win32k Elevation of Privilege Vulnerability
Neel Mehta of Google’s Threat Analysis Group
Win32k Elevation of Privilege Vulnerability
Billy Leonard of Google’s Threat Analysis Group
Win32k Elevation of Privilege Vulnerability
Feike Hacquebord, of Trend Micro
Win32k Elevation of Privilege Vulnerability
Peter Pi of Trend Micro
Win32k Elevation of Privilege Vulnerability
Brooks Li of Trend Micro
Windows CLFS Elevation of Privilege
Daniel King, KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Daniel King, KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows CLFS Elevation of Privilege
Daniel King, KeenLab, Tencent
Microsoft Office Memory Corruption Vulnerability
JChen of Palo Alto Networks
Microsoft Office Memory Corruption Vulnerability
JChen of Palo Alto Networks
Microsoft Office Memory Corruption Vulnerability
JChen of Palo Alto Networks
Microsoft Office Memory Corruption Vulnerability
Steven Vittitoe of Google Project Zero
Microsoft Office Memory Corruption Vulnerability
JChen of Palo Alto Networks
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Rocco Calvi of Source Incite working with VeriSign iDefense Labs
Microsoft Office Information Disclosure Vulnerability
Steven Seeley of Source Incite working with VeriSign iDefense Labs
Microsoft Office Information Disclosure Vulnerability
Rocco Calvi of Source Incite working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Rocco Calvi of Source Incite working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Rocco Calvi of Source Incite working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite working with VeriSign iDefense Labs
Microsoft Office Denial of Service Vulnerability
Dmitri Kaslov, Independent Security Researcher
Microsoft Office Memory Corruption Vulnerability
Haifei Li of Intel Security
Windows Animation Manager Memory Corruption Vulnerability
Scott Bell of Security-Assessment.com
Windows Animation Manager Memory Corruption Vulnerability
Kai Song of Tencent’s Xuanwu LAB
Windows Animation Manager Memory Corruption Vulnerability
SkyLined working with VeriSign iDefense Labs
Open Type Font Information Disclosure Vulnerability
Hossein Lotfi, Secunia Research at Flexera Software
Media Foundation Memory Corruption Vulnerability
Liu Long of Qihoo 360
Open Type Font Elevation of Privilege Vulnerability
Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA)
Defense-in-Depth
-------------------
Bing Sun of Intel Security Group
Windows Remote Code Execution Vulnerability
Aral Yaman of Noser Engineering AG
Windows IME Elevation of Privilege Vulnerability
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc.
Task Scheduler Elevation of Privilege Vulnerability
Shanti Lindström Individual
Microsoft Browser Memory Corruption Vulnerability
Kai Song of Tencent’s Xuanwu LAB
Microsoft Browser Memory Corruption Vulnerability
Kai Song of Tencent’s Xuanwu LAB
Microsoft Browser Memory Corruption Vulnerability
Liu Long of Qihoo 360
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Qixun Zhao of Qihoo 360 Skyeye Labs
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Scott Bell of Security-Assessment.com
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Microsoft Edge Information Disclosure Vulnerability
Abdulrahman Alqabandi (@qab)
Scripting Engine Memory Corruption Vulnerability
Microsoft ChakraCore Team
Microsoft Browser Information Disclosure Vulnerability
Masato Kinugawa of Cure53
Microsoft Browser Information Disclosure Vulnerability
Masato Kinugawa via Google VRP
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Microsoft Browser Remote Code Execution Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Qixun Zhao of Qihoo 360 Skyeye Labs
Scripting Engine Memory Corruption Vulnerability
Nicolas Joly of MSRCE UK
October 2016
Internet Explorer Information Disclosure Vulnerability
Will Metcalf and Kafeine of Proofpoint
Windows Diagnostics Hub Elevation of Privilege
James Forshaw of Google Project Zero
Windows Kernel Local Elevation of Privilege
Fortinet’s FortiGuard Labs
Windows Kernel Local Elevation of Privilege
James Forshaw of Google Project Zero
Windows Kernel Local Elevation of Privilege
Mateusz Jurczyk of Google Project Zero
Windows Kernel Local Elevation of Privilege
James Forshaw of Google Project Zero
Windows Kernel Local Elevation of Privilege
James Forshaw of Google Project Zero
Windows Kernel Local Elevation of Privilege
James Forshaw of Google Project Zero
Win32k Elevation of Privilege Vulnerability
pgboy, zhong_sf of Qihoo 360 Vulcan Team
Windows Transaction Manager Elevation of Privilege Vulnerability
Peter Hlavaty (@zer0mem), KeenLab, Tencent
Windows Kernel Elevation of Privilege vulnerability
Mateusz Jurczyk of Google Project Zero
Windows Kernel Elevation of Privilege vulnerability
James Forshaw of Google Project Zero
Windows Kernel Driver Local Elevation of Privilege
James Forshaw of Google Project Zero
Win32k Elevation of Privilege Vulnerability
fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360
Microsoft Office Memory Corruption Vulnerability
Austrian MilCERT
True Type Font Parsing Information Disclosure Vulnerability
Mateusz Jurczyk of Google Project Zero
GDI+ Information Disclosure Vulnerability
Mateusz Jurczyk of Google Project Zero
GDI+ Information Disclosure Vulnerability
Mateusz Jurczyk of Google Project Zero
Win32k Elevation of Privilege Vulnerability
pgboy, zhong_sf of Qihoo 360 Vulcan Team
Windows Graphics Component RCE Vulnerability
Anton Ivanov of Kaspersky Lab
True Type Font Parsing Elevation of Privilege Vulnerability
Mateusz Jurczyk of Google Project Zero
Microsoft Browser Information Disclosure Vulnerability
Wenxiang Qian of Tencent QQBrowser
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Scripting Engine Memory Corruption Vulnerability
Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Microsoft Browser Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Microsoft Browser Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Microsoft ChakraCore Team
Scripting Engine Memory Corruption Vulnerability
Microsoft ChakraCore Team
Microsoft Browser Information Disclosure Vulnerability
Stefaan Truijen, working with NVISO
Microsoft Browser Information Disclosure Vulnerability
Adrian Toma, working with NVISO (internship)
Microsoft Browser Information Disclosure Vulnerability
Daan Raman, working with NVISO
Microsoft Browser Information Disclosure Vulnerability
Arne Swinnen working with NVISO
Microsoft Browser Security Feature Bypass
Scripting Engine Information Disclosure Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
Scripting Engine Memory Corruption Vulnerability
Natalie Silvanovich of Google Project Zero
-------------------
-------------------
Andrew Wesie (awesie) from Theori
Microsoft Browser Information Disclosure Vulnerability
Wenxiang Qian of Tencent QQBrowser
Internet Explorer Information Disclosure Vulnerability
Will Metcalf and Kafeine of Proofpoint
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Scripting Engine Memory Corruption Vulnerability
Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
0011, working with Trend Micro’s Zero Day Initiative (ZDI)
Internet Explorer Memory Corruption Vulnerability
62600BCA031B9EB5CB4A74ADDDD6771E, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Jaehun Jeong (n3sk), of WINS, WSEC Analysis Team, working with VeriSign iDefense Labs
Microsoft Browser Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Microsoft Browser Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Microsoft Browser Information Disclosure Vulnerability
Stefaan Truijen, working with NVISO
Microsoft Browser Information Disclosure Vulnerability
Adrian Toma, working with NVISO (internship)
Microsoft Browser Information Disclosure Vulnerability
Daan Raman, working with NVISO
Microsoft Browser Information Disclosure Vulnerability
Arne Swinnen working with NVISO
-------------------
Defense-in-depth
-------------------
James Forshaw of Google Project Zero
September 2016
Scripting Engine Memory Corruption Vulnerability
An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Yuki Chen of Qihoo 360 Vulcan Team
PDF Library Information Disclosure Vulnerability
Ke Liu of Tencent’s Xuanwu Lab
PDF Library Information Disclosure Vulnerability
Roberto Suggi Liverani (@malerisch) of malerisch.net
PDF Library Information Disclosure Vulnerability
Steven Seeley of Source Incite
Windows SMB Authenticated Remote Code Execution Vulnerability
Alexander Ovchinnikov of Tuxera Inc
Windows SMB Authenticated Remote Code Execution Vulnerability
Oleg Kravtsov of Tuxera Inc
Windows Lock Screen Elevation of Privilege Vulnerability
Auri A. Rahimzadeh of Auri’s Ideas
Windows Session Object Elevation of Privilege Vulnerability
The Citrix Product Security Team
Windows Session Object Elevation of Privilege Vulnerability
The Citrix Product Security Team
Windows Kernel Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Windows Kernel Elevation of Privilege Vulnerability
Marcin Wiazowski, individual
Windows Kernel Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Windows Denial of Service Vulnerability
Piotr Bania of Cisco Talos
Windows Remote Code Execution Vulnerability
Jonathan Brown of VMware, Inc
Defense-in-depth
-------------------
John Page of ApparitionSec
Microsoft Exchange Information Disclosure Vulnerability
Bassel Rachid of DH Corporation
Microsoft Exchange Information Disclosure Vulnerability
Lucie Brochu of DH Corporation
Microsoft Exchange Open Redirect Vulnerability
John Page of ApparitionSec
Microsoft Exchange Elevation of Privilege Vulnerability
Adrian Ivascu
Microsoft APP-V ASLR Bypass
Udi Yavo of enSilo
Microsoft Office Memory Corruption Vulnerability
Steven Vittitoe of Google Project Zero
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite, working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite, working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite
Microsoft Office Memory Corruption Vulnerability
Eduardo Braun Prado
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Office Spoofing Vulnerability
Incident Response Team of Certego
Win32k Elevation of Privilege Vulnerability
RanchoIce of the Baidu Security Lab
GDI Information Disclosure Vulnerability
WanderingGlitch of Trend Micro’s Zero Day Initiative (ZDI)
GDI Information Disclosure Vulnerability
Liang Yin of Tencent PC Manager via GeekPwn
Defense-in-depth
-------------------
Henry Li (zenhumany) of Trend Micro
Defense-in-depth
-------------------
Microsoft Browser Memory Corruption Vulnerability
SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Nathaniel Theis (XMPPwocky)
Microsoft Edge Memory Corruption Vulnerability
Shi Ji (@Puzzor) of VARAS@IIE, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
Liu Long of Qihoo 360
Microsoft Browser Information Disclosure Vulnerability
SkyLined
Microsoft Edge Memory Corruption Vulnerability
F4B3CD of STARLAB
Microsoft Edge Memory Corruption Vulnerability
Microsoft ChakraCore Team
Microsoft Browser Information Disclosure Vulnerability
Kafeine, Brooks Li of Trend Micro
Scripting Engine Memory Corruption Vulnerability
Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)
Defense-in-depth
-------------------
Microsoft Browser Memory Corruption Vulnerability
SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Nathaniel Theis (XMPPwocky)
Microsoft Browser Elevation of Privilege Vulnerability
Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
Liu Long of Qihoo 360
Internet Explorer Memory Corruption Vulnerability
SkyLined
Microsoft Browser Information Disclosure Vulnerability
SkyLined
Microsoft Browser Information Disclosure Vulnerability
Kafeine, Brooks Li of Trend Micro
Internet Explorer Security Feature Bypass
Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Yuki Chen of Qihoo 360 Vulcan Team
Scripting Engine Memory Corruption Vulnerability
An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Simon Zuckerbraun working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
-------------------
Defense-in-depth
-------------------
Fortinet’s FortiGuard Labs
-------------------
Defense-in-depth
-------------------
Steven Seeley of Source Incite working with iDefense
-------------------
Defense-in-depth
-------------------
Reno Robert
August 2016
Microsoft PDF Remote Code Execution Vulnerability
Aleksandar Nikolic of Cisco Talos
Kerberos Elevation of Privilege Vulnerability
Nabeel Ahmed of Dimension Data
Microsoft Office Memory Corruption Vulnerability
Jaanus Kaap
Microsoft Office Memory Corruption Vulnerability
Sébastien Morin of COSIG
Microsoft OneNote Information Disclosure Vulnerability
dannywei of Tencent’s Xuanwu Lab
Microsoft Office Memory Corruption Vulnerability
Francis Provencher of COSIG
Microsoft Office Memory Corruption Vulnerability
Dhanesh Kizhakkinan of FireEye Inc
Graphics Component Memory Corruption Vulnerability
Arun Kumar Sharma, working with Trend Micro’s Zero Day Initiative (ZDI)
Defense-in-depth
-----------------
Jerry Decime of Hewlett Packard Enterprise
Win32k Elevation of Privilege Vulnerability
Peter (Keen) working with Trend Micro’s Zero Day Initiative (ZDI)
Win32k Elevation of Privilege Vulnerability
ZeguangZhao (team509), working with Trend Micro’s Zero Day Initiative (ZDI)
Win32k Elevation of Privilege Vulnerability
bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
Win32k Elevation of Privilege Vulnerability
Wayne Low of Fortinet’s Fortiguard Labs
Win32k Elevation of Privilege Vulnerability
pgboy, zhong_sf of Qihoo 360 Vulcan Team
Defense-in-depth
-----------------
Martin Lenord
Windows Graphics Component RCE Vulnerability
Mateusz Jurczyk of Google Project Zero
Windows Graphics Component RCE Vulnerability
Mateusz Jurczyk of Google Project Zero
Windows Graphics Component RCE Vulnerability
Mateusz Jurczyk of Google Project Zero
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
Kai Song (exp-sky) of Tencent’s Xuanwu LAB
Scripting Engine Memory Corruption Vulnerability
Microsoft ChakraCore Team
Microsoft PDF Remote Code Execution Vulnerability
Aleksandar Nikolic of Cisco Talos
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Soroush Dalili of NCC Group
Microsoft Browser Information Disclosure
Masato Kinugawa of Cure53
Internet Explorer Memory Corruption Vulnerability
Ivan Fratric and Martin Barbella, working with Google Project Zero
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
Internet Explorer Memory Corruption Vulnerability
Liu Long of Qihoo 360
Microsoft Browser Memory Corruption Vulnerability
Kai Song (exp-sky) of Tencent’s Xuanwu LAB
Internet Explorer Information Disclosure Vulnerability
Yorick Koster of Securify B.V.
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Soroush Dalili of NCC Group
Microsoft Browser Information Disclosure
Masato Kinugawa of Cure53
July 2016
Windows File System Security Feature Bypass Vulnerability
James Forshaw of Google Project Zero
Windows Kernel Information Disclosure Vulnerability
Herbert Bos of Vrije Universiteit Amsterdam
.NET Information Disclosure Vulnerability
Michael Weber, Henrique Arcoverde NCC Group
Win32k Elevation of Privilege Vulnerability
bee13oy of CloverSec Labs
Win32k Elevation of Privilege Vulnerability
zhong_sf and pgboy of Qihoo 360 Vulcan Team
GDI Component Information Disclosure Vulnerability
zhong_sf and pgboy of Qihoo 360 Vulcan Team
Win32k Elevation of Privilege Vulnerability
fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360
Win32k Elevation of Privilege Vulnerability
zhong_sf and pgboy of Qihoo 360 Vulcan Team
Microsoft win32k Elevation of Privilege Vulnerability
zhong_sf and pgboy of Qihoo 360 Vulcan Team
Microsoft Office Memory Corruption Vulnerability
Xiaoning Li of Intel Labs
Microsoft Security Feature Bypass Vulnerability
Haifei Li of Intel Security
Microsoft Office Memory Corruption Vulnerability
Lucas Leong of Trend Micro
Microsoft Office Memory Corruption Vulnerability
Jaanus Kääp of Clarified Security
Microsoft Office Memory Corruption Vulnerability
Jaanus Kääp of Clarified Security
Microsoft Office Memory Corruption Vulnerability
Jaanus Kääp of Clarified Security
Microsoft Office Memory Corruption Vulnerability
Alexey Belyakov, Individual
Microsoft Print Spooler Remote Code Execution Vulnerability
Nicolas Beauchesne of Vectra Networks
Windows Print Spooler Elevation of Privilege
Shanti Lindström, Individual
Microsoft Edge Security Feature Bypass
Zheng Huang of the Baidu Security Lab
Microsoft Edge Security Feature Bypass
Henry Li (zenhumany) of Trend Micro
Microsoft Edge Security Feature Bypass
Kai Song (exp-sky) of Tencent’s Xuanwu LAB
Microsoft Edge Memory Corruption Vulnerability
cc working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Microsoft ChakraCore Team
Scripting Engine Memory Corruption Vulnerability
Jaehun Jeong (n3sk), Individual
Microsoft Browser Memory Corruption Vulnerability
exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Jordan Rabet, Microsoft Offensive Security Research Team
Scripting Engine Memory Corruption Vulnerability
Jordan Rabet, Microsoft Offensive Security Research Team
Scripting Engine Memory Corruption Vulnerability
WanderingGlitch, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Masato Kinugawa of Cure53
Microsoft Browser Spoofing Vulnerability
Ferenc Lutischán of Magyar Telekom Nyrt
Microsoft Edge Spoofing Vulnerability
Wenxiang Qian of Tencent QQBrowser
Microsoft Browser Information Disclosure Vulnerability
Henry Li (zenhumany) of Trend Micro
Internet Explorer Memory Corruption Vulnerability
Hui Gao of Palo Alto Networks
Internet Explorer Memory Corruption Vulnerability
62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
Internet Explorer Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Internet Explorer Security Feature Bypass
Masato Kinugawa of Cure53
Scripting Engine Memory Corruption Vulnerability
Jaehun Jeong (n3sk), Individual
Scripting Engine Memory Corruption Vulnerability
Jordan Rabet of Microsoft Offensive Security Research Team
Internet Explorer Information Disclosure Vulnerability
Li Kemeng, Baidu Security Lab
Microsoft Browser Memory Corruption Vulnerability
exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Information Disclosure Vulnerability
Masato Kinugawa of Cure53
Microsoft Browser Information Disclosure Vulnerability
Henry Li (zenhumany) of Trend Micro
-------------------
Defense-in-depth
-------------------
Tao Yan (@Ga1ois) of Palo Alto Networks
June 2016
Active Directory Denial of Service Vulnerability
Ondrej Sevecek of GOPAS
Windows PDF Information Disclosure Vulnerability
Jaanus Kääp of Clarified Security
Windows PDF Remote Code Execution Vulnerability
Ke Liu of Tencent’s Xuanwu Lab
Windows PDF Remote Code Execution Vulnerability
kdot working with Trend Micro’s Zero Day Initiative (ZDI)
Windows PDF Information Disclosure Vulnerability
Ke Liu of Tencent’s Xuanwu Lab
Windows PDF Information Disclosure Vulnerability
kdot working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Exchange Information Disclosure Vulnerability
Louis-Paul Dareau of ProcessOut
Windows Diagnostics Hub Elevation of Privilege
lokihardt, working with Trend Micro’s Zero Day Initiative (ZDI)
Windows Diagnostics Hub Elevation of Privilege
WPAD Elevation of Privilege Vulnerability
Moritz Jodeit of Blue Frost Security GmbH
WPAD Elevation of Privilege Vulnerability
Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab
Windows Graphics Component Information Disclosure Vulnerability
Mateusz Jurczyk of Google Project Zero
Win32k Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
ATMFD.DLL Elevation of Privilege Vulnerability
Mateusz Jurczyk of Google Project Zero
Win32k Elevation of Privilege Vulnerability
zhong_sf and pgboy of Qihoo 360 Vulcan Team
Win32k Elevation of Privilege Vulnerability
RanchoIce of the Baidu Security Lab
Group Policy Elevation of Privilege Vulnerability
Group Policy Elevation of Privilege Vulnerability
Microsoft Office Memory Corruption Vulnerability
YangKang of 360 QEX Team
Microsoft Office Memory Corruption Vulnerability
David D. Rude II working with iDefense
Microsoft Office Memory Corruption Vulnerability
LiYaDong of 360 QEX Team
Microsoft Office Information Disclosure Vulnerability
Dhanesh Kizhakkinan of FireEye Inc
Microsoft Office OLE DLL Side Loading Vulnerability
Yorick Koster of Securify B.V.
Defense-in-depth
-----------------
Danny Wei Wei of Tencent’s Xuanwu Lab
Scripting Engine Memory Corruption Vulnerability
Tao Yan (@Ga1ois) of Palo Alto Networks
Scripting Engine Memory Corruption Vulnerability
Tao Yan (@Ga1ois) of Palo Alto Networks
Scripting Engine Memory Corruption Vulnerability
Tao Yan (@Ga1ois) of Palo Alto Networks
Microsoft Edge Security Feature Bypass
Mario Heiderich of Cure53
Scripting Engine Memory Corruption Vulnerability
lokihardt working with Trend Micro’s Zero Day Initiative (ZDI)
Windows PDF Information Disclosure Vulnerability
Jaanus Kääp of Clarified Security
Windows PDF Remote Code Execution Vulnerability
kdot working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Jordan Rabet of Microsoft Offensive Security Research Team
Windows PDF Information Disclosure Vulnerability
Ke Liu of Tencent’s Xuanwu Lab
Windows PDF Information Disclosure Vulnerability
kdot working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Edge Memory Corruption Vulnerability
Shi Ji (@Puzzor) of VARAS@IIE working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Edge Memory Corruption Vulnerability
Kai Song (exp-sky) of Tencent’s Xuanwu Lab
Internet Explorer Memory Corruption Vulnerability
SkyLined working with iDefense
Internet Explorer Memory Corruption Vulnerability
62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Tao Yan (@Ga1ois) of Palo Alto Networks
Scripting Engine Memory Corruption Vulnerability
Tao Yan (@Ga1ois) of Palo Alto Networks
Scripting Engine Memory Corruption Vulnerability
Tao Yan (@Ga1ois) of Palo Alto Networks
Scripting Engine Memory Corruption Vulnerability
Moritz Jodeit of Blue Frost Security
Internet Explorer Memory Corruption Vulnerability
Ashutosh Mehra working with Trend Micro’s Zero Day Initiative (ZDI)
Internet Explorer XSS Filter Vulnerability
Masato Kinugawa of Cure53
WPAD Elevation of Privilege Vulnerability
Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab
May 2016
Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
Sandeep Kumar of Citrix Systems Inc.
Hypervisor Code Integrity Security Feature Bypass
Rafal Wojtczuk of Bromium
Win32k Elevation of Privilege Vulnerability
Nils Sommer of bytegeist, working with Google Project Zero
Win32k Elevation of Privilege Vulnerability
Nils Sommer of bytegeist, working with Google Project Zero
Win32k Elevation of Privilege Vulnerability
Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)
Win32k Elevation of Privilege Vulnerability
Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)
Win32k Information Disclosure Vulnerability
Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
Peter Hlavaty of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
Daniel King of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
Win32k Elevation of Privilege Vulnerability
Dhanesh Kizhakkinan of FireEye, Inc.
Win32k Elevation of Privilege Vulnerability
Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)
Defense-in-depth
-----------------
Fermin J. Serna
RPC Network Data Representation Engine Elevation of Privilege Vulnerability
Evgeny Kotkov of VisualSVN
RPC Network Data Representation Engine Elevation of Privilege Vulnerability
Ivan Zhakov of VisualSVN
Windows Kernel Elevation of Privilege Vulnerability
Loren Robinson of CrowdStrike, Inc.
Windows Kernel Elevation of Privilege Vulnerability
Alex Ionescu of CrowdStrike, Inc.
Windows Media Center Remote Code Execution Vulnerability
Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)
Windows Shell Remote Code Execution Vulnerability
Shi Ji (@Puzzor) of VARAS@IIE
Journal Memory Corruption Vulnerability
Jason Kratzer, working with VeriSign iDefense Labs
Journal Memory Corruption Vulnerability
Bingchang Liu of VARAS@IIE
Windows Graphics Component Information Disclosure Vulnerability
Mateusz Jurczyk of Google Project Zero
Windows Graphics Component Information Disclosure Vulnerability
Mateusz Jurczyk of Google Project Zero
WIndows Graphics Component RCE vulnerability
Mateusz Jurczyk of Google Project Zero
Direct3D Use After Free RCE Vulnerability
Henry Li(zenhumany) of Trend Micro
Microsoft Office Memory Corruption Vulnerability
An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team
Microsoft Office Memory Corruption Vulnerability
Hao Linan of Qihoo 360 Vulcan Team
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite, working with VeriSign iDefense Labs
Office Graphics RCE Vulnerability
Lucas Leong of Trend Micro
Scripting Engine Memory Corruption Vulnerability
Kai Kang
Scripting Engine Memory Corruption Vulnerability
Brian Pak (cai) from Theori, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Edge Memory Corruption Vulnerability
Lokihart working with Trend Micro’s Zero Day Initiative (ZDI)
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
Scripting Engine Memory Corruption Vulnerability
Zhen Feng, Wen Xu of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
Defense-in-depth
-----------------
Bing Sun Intel Security Group
Scripting Engine Memory Corruption Vulnerability
Kai Kang
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
Internet Explorer Information Disclosure Vulnerability
Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)
Defense-in-depth
-----------------
Zhang Yunhai of NSFOCUS
April 2016
HTTP.sys Denial of Service Vulnerability
Dhanesh Kizhakkinan of FireEye, Inc.
HTTP.sys Denial of Service Vulnerability
Noam Mazor of Imperva
Windows CSRSS Security Feature Bypass Vulnerability
James Forshaw of Google Project Zero
Windows RPC Downgrade Vulnerability
This vulnerability was discovered and researched by Stefan Metzmacher of SAMBA+ and the Samba Team, which also helped design a fix for the problem. For more information about the vulnerability named "BADLOCK," see Badlock Bug.
Secondary Logon Elevation of Privilege Vulnerability
Tenable Network Security
Hyper-V Remote Code Execution Vulnerability
Kostya Kortchinsky of the Google Security Team
Hyper-V Remote Code Execution Vulnerability
Thomas Garnier
Hyper-V Information Disclosure vulnerability
Kostya Kortchinsky of the Google Security Team
Hyper-V Information Disclosure vulnerability
Thomas Garnier
Hyper-V Information Disclosure vulnerability
Kostya Kortchinsky of the Google Security Team
Hyper-V Information Disclosure vulnerability
Thomas Garnier
Windows OLE Remote Code Execution Vulnerability
Debasish Mandal of the Intel Security IPS Vulnerability Research Team
Microsoft Office Memory Corruption Vulnerability
Sébastien Morin of COSIG
Microsoft Office Memory Corruption Vulnerability
Lucas Leong of Trend Micro
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite, working with VeriSign iDefense Labs
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite
.NET Framework Remote Code Execution Vulnerability
Yorick Koster of Securify B.V.
.NET Framework Remote Code Execution Vulnerability
rgod, working with Trend Micro’s Zero Day Initiative (ZDI)
MSXML 3.0 Remote Code Execution Vulnerability
Nicolas Grégoire of Agarri
Win32k Elevation of Privilege Vulnerability
Nils Sommer of bytegeist, working with Google Project Zero
Graphics Memory Corruption Vulnerability
Mateusz Jurczyk of Google Project Zero
Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Dhanesh Kizhakkinan of FireEye, Inc.
Defense-in-depth
-----------------
Microsoft Browser Memory Corruption Vulnerability
Liu Long of Qihoo 360
Microsoft Edge Memory Corruption Vulnerability
Liu Long of Qihoo 360
Microsoft Edge Memory Corruption Vulnerability
Shi Ji (@Puzzor) of VARAS@IIE
Microsoft Edge Memory Corruption Vulnerability
Liu Long of Qihoo 360
Microsoft Edge Memory Corruption Vulnerability
d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative
Microsoft Edge Elevation of Privilege Vulnerability
lokihardt, working with HP’s Zero Day Initiative
Microsoft Edge Information Disclosure Vulnerability
QianWen Xiang of Tencent QQBrowser
Microsoft Browser Memory Corruption Vulnerability
Liu Long of the Qihoo 360 Vulcan Team
Internet Explorer Memory Corruption Vulnerability
B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative
DLL Loading Remote Code Execution Vulnerability
Internet Explorer Information Disclosure Vulnerability
Ladislav Janko, working with ESET
Internet Explorer Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Internet Explorer Memory Corruption Vulnerability
Henry Li (zenhumany) of Trend Micro, working with HP’s Zero Day Initiative
N/A
N/A
Marc Newlin of the Bastille Threat Research Team
March 2016
.NET XML Validation Security Feature Bypass
Win32k Elevation of Privilege Vulnerability
Nils Sommer of bytegeist, working with Google Project Zero
Win32k Elevation of Privilege Vulnerability
Nils Sommer of bytegeist, working with Google Project Zero
Win32k Elevation of Privilege Vulnerability
Jueming of Security Threat Information Center
Win32k Elevation of Privilege Vulnerability
bee13oy of CloverSec Labs, working with HP’s Zero Day Initiative
Win32k Elevation of Privilege Vulnerability
fanxiaocao and pjf of IceSword Lab, Qihoo 360
USB Mass Storage Elevation of Privilege Vulnerability
Andy Davis, NCC Group
Secondary Logon Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Windows Elevation of Privilege Vulnerability
Meysam Firozi @R00tkitSmm
Windows OLE Memory Remote Code Execution Vulnerability
Anonymous, working with HP’s Zero Day Initiative
Windows OLE Memory Remote Code Execution Vulnerability
Anonymous, working with HP’s Zero Day Initiative
Microsoft Office Memory Corruption Vulnerability
Richard Warren of NCC Group
Microsoft Security Feature Bypass Vulnerability
Eric Clausing of AV-TEST GmbH
Microsoft Security Feature Bypass Vulnerability
Ulf Loesche of AV-TEST GmbH
Microsoft Security Feature Bypass Vulnerability
Maik Morgenstern of AV-TEST GmbH
Microsoft Security Feature Bypass Vulnerability
Andreas Marx of AV-TEST GmbH
Microsoft Office Memory Corruption Vulnerability
Jack Tang of Trend Micro
Microsoft Browser Memory Corruption Vulnerability
Liu Long of Qihoo 360
Windows Remote Code Execution Vulnerability
Mark Yason, IBM X-Force
Windows Remote Code Execution Vulnerability
Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative
Windows Media Parsing Remote Code Execution Vulnerability
OpenType Font Parsing Vulnerability
Mateusz Jurczyk of Google Project Zero
OpenType Font Parsing Vulnerability
Mateusz Jurczyk of Google Project Zero
Library Loading Input Validation Remote Code Execution Vulnerability
Yorick Koster of Securify B.V.
Microsoft Browser Memory Corruption Vulnerability
Liu Long of Qihoo 360
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Microsoft Edge Memory Corruption Vulnerability
The Microsoft ChakraCore Team
Microsoft Edge Memory Corruption Vulnerability
d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative
Microsoft Browser Memory Corruption Vulnerability
003, working with HP’s Zero Day Initiative
Microsoft Edge Information Disclosure Vulnerability
Richard Shupak
Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge Memory Corruption Vulnerability
The Microsoft ChakraCore Team
Microsoft Edge Memory Corruption Vulnerability
The Microsoft ChakraCore Team
Defense-in-depth
-----------------
0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative
Defense-in-depth
-----------------
Simon Zuckerbraun, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Internet Explorer Memory Corruption Vulnerability
Li Kemeng of the Baidu Security Lab
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Internet Explorer Memory Corruption Vulnerability
sky, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
Hui Gao of Palo Alto Networks
Internet Explorer Memory Corruption Vulnerability
B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
Internet Explorer Memory Corruption Vulnerability
Abhishek Arya and Martin Barbella, working with Google Project Zero
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab
Microsoft Browser Memory Corruption Vulnerability
Abhishek Arya working with Google Project Zero
Microsoft Browser Memory Corruption Vulnerability
Martin Barbella, working with Google Project Zero
Internet Explorer Memory Corruption Vulnerability
sky, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
0011, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
Simon Zuckerbraun, working with HP’s Zero Day Initiative
Defense-in-depth
-----------------
Simon Zuckerbraun working with HP’sZero Day Initiative
February 2016
Win32k Elevation of Privilege Vulnerability
fanxiaocao and pjf of Qihoo 360
WebDAV Elevation of Privilege Vulnerability
Microsoft Office Memory Corruption Vulnerability
Lucas Leong of Trend Micro
Microsoft Office Memory Corruption Vulnerability
Lucas Leong of Trend Micro
Microsoft Office Memory Corruption Vulnerability
Lucas Leong of Trend Micro
Microsoft Office Memory Corruption Vulnerability
Kai Lu of Fortinet’s FortiGuard Labs
Microsoft Office Memory Corruption Vulnerability
An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team
Microsoft SharePoint XSS Vulnerability
Hadji Samir of Evolution Security GmbH (Vulnerability Lab)
Windows Elevation of Privilege Vulnerability
Meysam Firozi @R00tkitSmm
Windows Elevation of Privilege Vulnerability
Su Yong Kim of SSLab, Georgia Institute of Technology
Windows Elevation of Privilege Vulnerability
Taesoo Kim of SSLab, Georgia Institute of Technology
Windows Elevation of Privilege Vulnerability
Byoungyoung Lee of SSLab, Georgia Institute of Technology
DLL Loading Remote Code Execution Vulnerability
Greg Linares, working with CyberPoint SRT
DLL Loading Remote Code Execution Vulnerability
Yorick Koster of Securify B.V.
Windows DLL Loading Remote Code Execution Vulnerability
Richard Warren of NCC Group
Windows Kerberos Security Feature Bypass
Vulnerability discovered by Nabeel Ahmed of Dimension Data
Windows Kerberos Security Feature Bypass
Vulnerability discovered by Tom Gilis of Dimension Data
Windows Journal Memory Corruption Vulnerability
Rohit Mothe of VeriSign iDefense Labs
Microsoft Windows Reader Vulnerability
Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative
Microsoft PDF Library Buffer Overflow Vulnerability
Atte Kettunen of OUSPG
Microsoft Browser Memory Corruption Vulnerability
003, working with HP’s Zero Day Initiative
Microsoft Browser Memory Corruption Vulnerability
SkyLined, working with HP’s Zero Day Initiative
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
Microsoft Edge ASLR Bypass
Zhang Yunhai of NSFOCUS
Internet Explorer Information Disclosure Vulnerability
Kai Lu of Fortinet’s FortiGuard Labs
Internet Explorer Information Disclosure Vulnerability
Steven Seeley of Source Incite
Microsoft Browser Memory Corruption Vulnerability
003, working with HP’s Zero Day Initiative
Microsoft Browser Memory Corruption Vulnerability
SkyLined, working with HP’s Zero Day Initiative
Microsoft Browser Memory Corruption Vulnerability
Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
SkyLined, working with HP’s Zero Day Initiative
Internet Explorer Memory Corruption Vulnerability
Jack Tang of Trend Micro
Internet Explorer Elevation of Privilege Vulnerability
Masato Kinugawa of Cure53
Internet Explorer Elevation of Privilege Vulnerability
Yosuke HASEGAWA of Secure Sky Technology Inc.
Internet Explorer Memory Corruption Vulnerability
Dhanesh Kizhakkinan of FireEye, Inc.
Internet Explorer Memory Corruption Vulnerability
0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative
Microsoft Browser Spoofing Vulnerability
N/A
N/A
January 2016
Microsoft Exchange Spoofing Vulnerability
Abdulrahman Alqabandi
Microsoft Exchange Spoofing Vulnerability
Alexandru Coltuneac
Microsoft Exchange Spoofing Vulnerability
Nirmal Kirubakaran, Individual
Microsoft Exchange Spoofing Vulnerability
Ysrael Gurt of BugSec
Windows Mount Point Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
Windows Mount Point Elevation of Privilege Vulnerability
James Forshaw of Google Project Zero
DLL Loading Elevation of Privilege Vulnerability
Stefan Kanthak of Me, myself & IT
Windows DirectShow Heap Corruption RCE vulnerability
Steven Vittitoe of Google Project Zero
Windows Library Loading Remote Code Execution Vulnerability
Steven Vittitoe of Google Project Zero
Windows Library Loading Remote Code Execution Vulnerability
Windows Library Loading Remote Code Execution Vulnerability
Debasish Mandal of the Intel Security IPS Vulnerability Research Team
Windows Remote Desktop Protocol Security Bypass Vulnerability
Gal Goldshtein of Citadel
Windows Remote Desktop Protocol Security Bypass Vulnerability
Viktor Minin of Citadel
MAPI LoadLibrary EoP Vulnerability
Ashutosh Mehra, working with HP’s Zero Day Initiative
Silverlight Runtime Remote Code Execution Vulnerability
Anton Ivanov and Costin Raiu of Kaspersky Lab
Windows GDI32.dll ASLR Bypass Vulnerability
Steven Seeley of Source Incite, working with VeriSign iDefense Labs
Win32k Remote Code Execution Vulnerability
Kerem Gümrükcü
Microsoft Office Memory Corruption Vulnerability
Kai Lu of Fortinet’s FortiGuard Labs
ASLR bypass vulnerability
IBM X-Forcer researcher Tom Kahana
ASLR bypass vulnerability
IBM X-Forcer researcher Elad Menahem
Microsoft SharePoint Security Feature Bypass Vulnerability
Jonas Nilsson of Disruptive Innovations AB
Microsoft Office Memory Corruption Vulnerability
Steven Seeley of Source Incite, working with HP’s Zero Day Initiative
Scripting Engine Memory Corruption Vulnerability
Anonymous contributor, working with VeriSign iDefense Labs
Microsoft Edge Memory Corruption Vulnerability
003, working with HP’s Zero Day Initiative
Microsoft Edge Memory Corruption Vulnerability
Shi Ji (@Puzzor) of VARAS@IIE
Scripting Engine Memory Corruption Vulnerability
CESG
Scripting Engine Memory Corruption Vulnerability
Anonymous contributor, working with VeriSign iDefense Labs
Defense-in-depth
-----------------
Jack Tang of Trend Micro
Defense-in-depth
-----------------
Wenbin Zheng of Qihoo 360 Vulcan Team
Defense-in-depth
-----------------
Heige (a.k.a. SuperHei) from Knownsec 404 Security Team
Defense-in-depth
-----------------
Thanks to Patrick Donahue, CloudFlare, for assistance in identifying the issue.
Defense-in-depth
-----------------
Thanks to Jeremiah Cohick, Fitbit, for assistance in identifying the issue.
Defense-in-depth
-----------------
Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.