Vulnerabilities tagged "desktop"

[Chrome] heap-use-after-free in AccountSelectionBubbleView::OnAccountImageFetched

Callbacks can be tricky in memory-unsafe languages, here we have the Chrome Account Selection feature creating an image view and an image fetcher. Sets up a callback function to be called once the account's image has been fetched and passes in the raw pointer to the created image_view, the problem being that the image view may be destroyed before the callback happens.

Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1

So Java's Swing UI Toolkit in some cases will try to parse any strings that start with a `<` as HTML, and dangerously so as its handling of `` tags will attempt to initialize a class with the name from the `classid` attribute (must inherit from `java.awt.Component`), and it will attempt to set any `` tags through their setter functions.

Iconics Support for `gdfx` Files Results in Command Injection

This seemed to mostly be an exercise in attack surface discovery, scanning the files used by Iconics they found support for `gdfx` files with support for embeded JavaScript, including the ability to load an ActiveX object and execute shell commands on the local machine. Despite this being an apparently surface level issue, it survived until Pwn2Own and through multiple other contestants (the author was 5th of 7 against the application) to net them a $20,000 bounty.