0day Exploit Root Cause Analyses

Posted by Maddie Stone, Project Zero (2020-07-27)

Beginning in 2019, Project Zero began a program to systematically study 0-day exploits that are used in the wild. It’s another way we’re trying to make 0-day hard. We published our tracking spreadsheet for recording publicly known cases of detected 0-day exploits. Today we’re beginning to share the root cause analyses we perform on these detected 0-day exploits. To better understand our approach and the reasoning behind these analyses, please read this blog post.

| Date Published | CVE | Title |
|---|---|---|
| 2020-07-29 | CVE-2019-7286 | iOS use-after-free in CFPrefsDaemon |
| 2020-07-29 | CVE-2019-7287 | iOS buffer overflow in ProvInfoIOKitUserClient |
| 2020-07-29 | CVE-2019-11707 | Firefox type confusion in Array.pop |
| 2020-07-29 | CVE-2019-1367 | JScript use-after-free in Internet Explorer |
| 2020-07-29 | CVE-2019-2215 | Android use-after-free in Binder |
| 2020-07-29 | CVE-2019-13720 | Chrome use-after-free in webaudio |
| 2020-07-29 | CVE-2019-1429 | JScript use-after-free in Internet Explorer (see CVE-2019-1367) |
| 2020-07-29 | CVE-2019-1458 | Windows win32k uninitialized variable in task switching |
| 2020-08-05 | CVE-2019-17026 | Firefox type confusion in IonMonkey |
| 2020-08-05 | CVE-2020-0674 | JScript use-after-free in Internet Explorer |
| 2020-08-05 | CVE-2020-6820 | Firefox UAF in Cache |
| 2020-08-24 | CVE-2020-1380 | Internet Explorer JScript9 UAF |
| 2020-09-02 | CVE-2020-0986 | Windows splwow64 untrusted pointer dereference |
| 2021-01-12 | CVE-2020-6418 | Chrome JIT JSCreate side-effect mishandling |
| 2021-01-12 | CVE-2020-0938 | Windows Font Driver Type 1 BlendDesignPositions stack corruption |
| 2021-01-12 | CVE-2020-1020 | Windows Font Driver Type 1 VToHOrigin stack corruption |
| 2021-01-12 | CVE-2020-1027 | Windows buffer overflow in CSRSS |
| 2021-02-04 | CVE-2020-15999 | FreeType heap buffer overflow in Load_SBit_Png |
| 2021-02-04 | CVE-2020-17087 | Windows pool buffer overflow in cng.sys IOCTL |
| 2021-02-04 | CVE-2020-16009 | Chrome Turbofan type confusion after Map deprecation |
| 2021-02-04 | CVE-2020-16010 | Chrome for Android ConvertToJavaBitmap heap buffer overflow |
| 2021-02-04 | CVE-2020-27930 | Safari RCE in Type 1 fonts handled by libType1Scaler.dylib |
| 2021-02-04 | CVE-2020-27950 | XNU kernel memory disclosure in Mach message trailers |
| 2021-02-04 | CVE-2020-27932 | iOS kernel privesc with turnstiles |

We will continue to publish new root cause analyses as they are completed, hopefully in a very timely manner. We hope other researchers who detect and/or analyze 0-day exploits will also publish this information to better inform actions and decision making in the security and tech communities. The template that we use is available here. Please see the blog post linked in the first paragraph for more information.

Our goal is that this information helps the security and technical communities. Please reach out with any feedback or suggestions.
