Michael DePlante
~ /Users ls
izobashi
Blog Posts:
USING IO NINJA TO ANALYZE NPFS
IS EXPLOITING A NULL POINTER DEREF FOR LPE JUST A PIPE DREAM?
BREAKING BARRIERS AND ASSUMPTIONS: TECHNIQUES FOR PRIVILEGE ESCALATION ON WINDOWS: PART 1
BREAKING BARRIERS AND ASSUMPTIONS: TECHNIQUES FOR PRIVILEGE ESCALATION ON WINDOWS: PART 2
BREAKING BARRIERS AND ASSUMPTIONS: TECHNIQUES FOR PRIVILEGE ESCALATION ON WINDOWS: PART 3
Presentations:
Mar 2019 - Speaker: "ICS HMI Research" @ InfoSec Southwest in Austin, Texas
Aug 2019 - Speaker: "Overflowing a Bug Bounty's Buffers with SCADA Vulnerabilities" @ ICSJWG Conference in Springfield, Massachusetts
Oct 2019 - Keynote Speaker: "The SCADA Vulnerability Landscape" @ 8.8 Computer Security Conference in Mexico City, Mexico
Upcoming Advisories:
Filter with "izobashi" @ https://www.zerodayinitiative.com/advisories/upcoming/
Published Vulnerabilities:
*A single CVE assignment may contain several unique bugs
2024:
CVE-2024-27829: Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-27877: Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-27857: Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-27857: Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-40846: Apple macOS AppleIntelKBLGraphicsMTLDriver Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-40841: Apple macOS AppleIntelKBLGraphicsMTLDriver Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-44160: Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-44161: Apple macOS AppleGVA Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-44154: Apple macOS VideoToolbox Uninitialized Memory Information Disclosure Vulnerability
CVE-2024-27861: Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2024-27860: Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
(0-day)CVE-2024-7249: Comodo Firewall Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7238: VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7240: F-Secure Total Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7241: Panda Security Dome Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7242: Panda Security Dome Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7243: Panda Security Dome Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7244: Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7245: Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7232: Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7237: AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7236: AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
(0-day)CVE-2024-7234: AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-7227: Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-6147: Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability
(0-day)CVE-2024-72354: AVG AntiVirus Free Link Following Denial-of-Service Vulnerability
(0-day)CVE-2024-72354: Avast Free Antivirus Link Following Denial-of-Service Vulnerability
CVE-2024-0353: ESET Smart Security Premium ekrn Link Following Local Privilege Escalation Vulnerability
CVE-2024-2003: ESET Smart Security Premium Link Following Local Privilege Escalation Vulnerability
CVE-2024-4454: WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
CVE-2024-3037: PaperCut NG pc-web-print Link Following Local Privilege Escalation Vulnerability
CVE-2024-3037: PaperCut NG web-print-hot-folder Link Following Local Privilege Escalation Vulnerability
CVE-2024-32849: Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
2023:
CVE-2023-42902: Apple macOS AppleGraphicsControl Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-42826: Apple macOS Hydra File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-42856: Apple macOS Model I/O File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2023-42888: Apple macOS ImageIO File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-32375: Apple macOS Hydra File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-38421: Apple macOS Hydra File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-28285: Microsoft Office SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
(0-day) CVE-2023-27911: Microsoft 3D Viewer FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-6006: PaperCut NG Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2023-38627: Trend Micro Apex Central modTXSO Server-Side Request Forgery Information Disclosure Vulnerability
CVE-2023-21582: Adobe Digital Editions PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-44430: Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2023-25009: Autodesk 3DS Max USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-25006: Autodesk 3DS Max USD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2023-25001: Autodesk 3DS Max SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2023-26336: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2023-25901: Adobe Dimension USD File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2023-25899: Adobe Dimension USD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2023-25898: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-25897: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-26330: Adobe Dimension USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2022:
CVE-2022-26751: Apple AppleGraphicsControl Double Free Remote Code Execution Vulnerability
CVE-2022-47211: Microsoft Word SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2022-21908: Windows Installer Local Privilege Escalation Vulnerability
CVE-2022-35825: Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-41107: Microsoft Office FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2022-43653: Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2022-43651: Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2022-43655: Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
(0-day) CVE-2022-43617: Corel CorelDRAW Graphics Suite PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
(0-day) CVE-2022-43618: Corel CorelDRAW Graphics Suite PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
(0-day) CVE-2022-43616: Corel CorelDRAW Graphics Suite EMF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
(0-day) CVE-2022-43614: Corel CorelDRAW Graphics Suite GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
(0-day) CVE-2022-43613: Corel CorelDRAW Graphics Suite CGM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2022-33882: Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability
CVE-2022-33882: Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability
CVE-2022-40709: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-40708: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-40707: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-35234: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-37347: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-37348: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2022-2897: Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability
CVE-2022-2897: Measuresoft ScadaPro Client Link Following Local Privilege Escalation Vulnerability
CVE-2022-2898: Measuresoft ScadaPro Server Link Following Denial-Of-Service Vulnerability
CVE-2022-2898: Measuresoft ScadaPro Client Link Following Denial-Of-Service Vulnerability
(0-day) ZDI-CAN-14615: Epic Games Link Following Denial-Of-Service Vulnerability
(0-day) ZDI-CAN-14604: Epic Games Link Following Denial-Of-Service Vulnerability
CVE-2022-28702: ABB e-Design Link Following Denial-Of-Service Vulnerability
CVE-2022-29483: ABB e-Design Link Following Local Privilege Escalation Vulnerability
CVE-2022-31219: ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability
CVE-2022-31218: ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability
CVE-2022-31216: ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability
CVE-2022-31217: ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability
2021:
(0-day) ZDI-CAN-14528: Microsoft .NET Link Following Denial-Of-Service Vulnerability
(0-day) ZDI-CAN-14586: Microsoft Visual Studio Link Following Denial-Of-Service Vulnerability
(0-day) ZDI-CAN-14534: Microsoft Visual Studio Link Following Denial-Of-Service Vulnerability
(0-day) ZDI-CAN-14533: Microsoft Visual Studio Link Following Denial-Of-Service Vulnerability
CVE-2021-4199: Bitdefender Endpoint Security Tools & Total Security Link Following Local Privilege Escalation Vulnerability
CVE-2021-4198: Bitdefender Endpoint Security Tools & Total Security Link Following Denial-Of-Service Vulnerability
CVE-2021-45442: Trend Micro Worry-free Business Security Link Following Denial-Of-Service Vulnerability
CVE-2021-44023: Trend Micro Maximum Security Link Following Denial-Of-Service Vulnerability
CVE-2021-27041: ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-27040: ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2021-26434: Microsoft Visual Studio Incorrect Permission Assignment Privilege Escalation Vulnerability
CVE-2021-40156: Autodesk Navisworks DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-40155: Autodesk Navisworks DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-27046: Autodesk Navisworks PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
(0-day) ZDI-CAN-13170: Autodesk Meshmixer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability
(0-day) ZDI-CAN-13169: Autodesk Meshmixer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2021-27040: Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-27040: Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-27040: Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-27040: Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-27040: Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31514: OpenText Brava! Desktop BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31513: OpenText Brava! Desktop BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31512: OpenText Brava! Desktop TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-31511: OpenText Brava! Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31510: OpenText Brava! Desktop TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-31509: OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31508: OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31502: OpenText Brava! Desktop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2021-31497: OpenText Brava! Desktop DWG File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2021-31496: OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31495: OpenText Brava! Desktop DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2021-31494: OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-31493: OpenText Brava! Desktop DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2021-25234: Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
CVE-2021-25233: Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
CVE-2021-25227: Trend Micro Antivirus for Mac Memory Exhaustion Denial-Of-Service Vulnerability
CVE-2021-25226: Trend Micro ServerProtect vsapiapp Memory Exhaustion Denial-Of-Service Vulnerability
CVE-2021-25225: Trend Micro ServerProtect splx_schedule_scan Memory Exhaustion Denial-Of-Service Vulnerability
CVE-2021-25177: Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
CVE-2021-25176: Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
CVE-2021-25175: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-25175: Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
CVE-2021-25175: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-25175: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-27044: Siemens Solid Edge Viewer FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2020:
CVE-2020-3765: Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2020-28577: Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
CVE-2020-25774: Trend Micro OfficeScan ServerMigrationTool ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2019:
CVE-2019-18251: OMRON CX-Supervisor Vulnerable Third-Party Component Remote Code Execution Vulnerability
CVE-2019-10996: Red Lion Crimson CD3 File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2019-10990: Red Lion Crimson Hard-coded Cryptographic Key Information Disclosure Vulnerability
CVE-2019-10984: Red Lion Crimson CD3 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
CVE-2019-10978: Red Lion Crimson CD3 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2019-10978: Red Lion Crimson CD31 File Parsing Memory Corruption Remote Code Execution Vulnerability
2018:
CVE-2018-10616: ABB Panel Builder BeECOM IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder YAMAHA_VIP_robot_Pre Format String Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder SIMATIC_S5_3964R_Pre UserSettings Format String Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder Yaskawa_FSP_Pre StationsList Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder KEB_COMBIVERT_Pre UserSettings Format String Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder BEYaskawaSMC IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder bemodbus ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder bemodbus Nodes Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder bemodbus TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder beSaia_Ethernet IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder bes7mpidirect ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder beOMRON TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder UserSettings Format String Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder Allen Bradley MicroLogix TCP_IP_Address Heap-based Buffer Overflow Remote Code Execution Vulnerabilities
CVE-2018-10616: ABB Panel Builder Animatics_SmartMotor UserSettings Format String Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder beFesto IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder BEControlLogix IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder BeECOM IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder beDVT IpAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder Becomli CommandLineOptions Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-10616: ABB Panel Builder Begalil IPAddress Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2018-7527: Wecon PI Studio HMI Project Programmer TextContent Stack-based Buffer Overflow Remote Code Execution Vulnerability
2017:
CVE-2017-16753: Advantech WebAccess - Improper Input Validation
CVE-2017-16735: ECAVA IntegraXor - SQL Injection
CVE-2017-16733: ECAVA IntegraXor - SQL Injection
CVE-2017-16717: WECON LeviStudio HMI - Heap-based Buffer Overflow