

The vulnerability exists due to a type confusion error within the object transition cache. However, proof of concept for this vulnerability is available. We are not aware of malware exploiting this vulnerability. A remote atacker can trick a victim to open a specially crafted file or visit a malicioous page, exploit the race and gain unauthorized access to sensitive information on the target system. The vulnerability exists due to a race condition.

The vulnerability allows a remote attacker to gain access to sensitive information on the system. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.ĬVSSv3.1: 5.9 ĬWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and cause a download's origin may be incorrectly associated.ĬWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer The vulnerability exists due to logical errors. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.ĬVSSv3.1: 3.8

A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger a type confusion error and execute arbitrary code on the target system. The vulnerability exists due to a type confusion error when processing maliciously crafted web content. The vulnerability allows a remote attacker to execute arbitrary code on the target system. We are not aware of malware exploiting this vulnerability.ĬVSSv3.1: 7.7 ĬWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') Is there known malware, which exploits this vulnerability? The attacker would have to trick the victim to visit a specially crafted website. How the attacker can exploit this vulnerability?

This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
