Monorail Project: project-zero Issues People Development process History Sign in
New issue
Advanced search Search tips
ListGrid
Loading...
  ID Type  Status  Priority  Milestone  Owner  Summary + Labels ...
  293 ---- Fixed ---- ---- cevans@google.com Windows kernel: use-after-free in bitmap handling CCProjectZeroMembers  
  294 ---- Fixed ---- ---- cevans@google.com Windows kernel: NULL pointer dereference with window station and clipboard CCProjectZeroMembers  
  295 ---- Fixed ---- ---- cevans@google.com Windows kernel: use-after-free in WindowStation CCProjectZeroMembers  
  304 ---- Fixed ---- ---- cevans@google.com Windows kernel: Brush object Use-after-free vulnerability CCProjectZeroMembers  
  311 ---- Fixed ---- ---- cevans@google.com Window kernel: use-after-free in bitmap handling #2 CCProjectZeroMembers  
  312 ---- Fixed ---- ---- cevans@google.com Windows kernel: possible NULL pointer dereference of a SURFOBJ CCProjectZeroMembers  
  313 ---- Fixed ---- ---- cevans@google.com Windows kernel: buffer overflow in win32k!vSolidFillRect CCProjectZeroMembers  
  320 ---- Fixed ---- ---- cevans@google.com Windows kernel: use-after-free in HmgAllocateObjectAttr CCProjectZeroMembers  
  321 ---- Fixed ---- ---- cevans@google.com Windows kernel: pool buffer overflow drawing caption bar CCProjectZeroMembers  
  335 ---- Fixed ---- ---- cevans@google.com Windows kernel: use-after-free with UserCommitDesktopMemory CCProjectZeroMembers  
  339 ---- Fixed ---- ---- cevans@google.com Windows kernel: DeferWindowPos use-after-free CCProjectZeroMembers  
  415 ---- Fixed ---- ---- hawkes@google.com Windows kernel: pool buffer overflows in NtGdiStretchBlt CCProjectZeroMembers  
  433 ---- Fixed ---- ---- hawkes@google.com Windows kernel: use-after-free with printer device contexts CCProjectZeroMembers  
  457 ---- Fixed ---- ---- hawkes@google.com Windows kernel: use-after-free with cursor object CCProjectZeroMembers  
  458 ---- Fixed ---- ---- hawkes@google.com Windows kernel: use-after-free in bGetRealizedBrush CCProjectZeroMembers  
  474 ---- Fixed ---- ---- hawkes@google.com Windows kernel: buffer overflow in NtGdiBitBlt CCProjectZeroMembers  
  475 ---- Fixed ---- ---- hawkes@google.com Windows kernel: FlashWindowEx​ memory corruption CCProjectZeroMembers  
  505 ---- Fixed ---- ---- hawkes@google.com Windows kernel use-after-free with device contexts and NtGdiSelectBitmap CCProjectZeroMembers  
  508 ---- WontFix ---- ---- hawkes@google.com Windows kernel NtUserScrollDC memory corruption CCProjectZeroMembers  
  509 ---- Fixed ---- ---- hawkes@google.com Windows race condition leading to use after free ​in DestroySMWP CCProjectZeroMembers  
  510 ---- Fixed ---- ---- hawkes@google.com Windows Cursor object potential memory leak CCProjectZeroMembers  
  516 ---- Fixed ---- ---- hawkes@google.com Windows ndis.sys IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) pool buffer overflow CCProjectZeroMembers  
  533 ---- Fixed ---- ---- hawkes@google.com win32k clipboard Bitmap use-after-free vulnerability CCProjectZeroMembers  
  534 ---- Fixed ---- ---- hawkes@google.com win32k null pointer derefence with Desktop and Clipboard CCProjectZeroMembers  
  544 ---- Fixed ---- ---- hawkes@google.com Windows kernel null pointer dereference in win32k!OffsetChildren CCProjectZeroMembers  
  685 ---- Fixed ---- ---- hawkes@google.com Windows kernel: NtGdiGetTextExtentExW out-of-bounds memory read CCProjectZeroMembers  
  686 ---- Fixed ---- ---- hawkes@google.com Windows kernel: bitmap use-after-free CCProjectZeroMembers  
  707 ---- Fixed ---- ---- hawkes@google.com Windows kernel: DrawMenuBarTemp wild-write on 64-bit CCProjectZeroMembers  
  746 ---- Fixed ---- ---- hawkes@google.com Windows 7 win32k bitmap use-after-free (#1) CCProjectZeroMembers  
  747 ---- Fixed ---- ---- hawkes@google.com Windows 7 win32k bitmap use-after-free (#2) CCProjectZeroMembers