Originally published by Maddie Stone on the Google Project Zero blog on 27 July 2020
Beginning in 2019, Project Zero began a program to systematically study 0-day exploits that are used in the wild. It’s another way we’re trying to make 0-day hard. We published our tracking spreadsheet for recording publicly known cases of detected 0-day exploits. Today we’re beginning to share the root cause analyses we perform on these detected 0-day exploits. To better understand our approach and reasoning behind these analyses, please read this blog post.
We will continue to publish new root cause analyses as they are completed, hopefully in a very timely manner. We hope other researchers who detect and/or analyze 0-day exploits will also publish this information to better inform actions and decision making in the security and tech communities. The template that we use is available here. We welcome pull requests!
Our goal is that this information helps the security and technical communities. Please reach out with any feedback or suggestions.
Root cause analyses published so far (one per CVE; the original table's link column did not survive extraction, so only the titles are listed):

CVE-2019-11707: IonMonkey Type Confusion in Array.Pop
CVE-2019-1367: Internet Explorer JScript use-after-free
CVE-2019-13720: Chrome use-after-free in webaudio
CVE-2019-1458: Windows win32k uninitialized variable in task switching
CVE-2019-2215: Android use-after-free in Binder
CVE-2019-7286: iOS use-after-free in cfprefsd
CVE-2019-7287: iOS Buffer Overflow in ProvInfoIOKitUserClient
CVE-2019-17026: Firefox Type Confusion in IonMonkey
CVE-2020-0674: Internet Explorer use-after-free in JScript
CVE-2020-0938: Windows Font Driver Type 1 BlendDesignPositions stack corruption
CVE-2020-0986: Windows splwow64 Untrusted Pointer Dereference
CVE-2020-1020: Windows Font Driver Type 1 VToHOrigin stack corruption
CVE-2020-1027: Windows buffer overflow in CSRSS
CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
CVE-2020-15999: FreeType Heap Buffer Overflow in Load_SBit_Png
CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
CVE-2020-16010: Chrome for Android ConvertToJavaBitmap Heap Buffer Overflow
CVE-2020-17087: Windows pool buffer overflow in cng.sys IOCTL
CVE-2020-27930: Safari RCE in Type 1 fonts handled by libType1Scaler.dylib
CVE-2020-27932: iOS Kernel privesc with turnstiles
CVE-2020-27950: XNU Kernel Memory Disclosure in Mach Message Trailers
CVE-2020-6418: Chrome incorrect side-effect modelling issue in Turbofan leading to type confusions
CVE-2020-6820: Firefox use-after-free in Cache
CVE-2021-1647: Windows Defender mpengine remote code execution
CVE-2021-1732: Windows win32k flag setting out of sync in xxCreateWindowEx
CVE-2021-26411: Internet Explorer MSHTML Double-Free
CVE-2021-26855: Microsoft Exchange Server-Side Request Forgery
0-day Root Cause Analysis Template