Known Exploited Vulnerabilities Use After Free Capability Group

This vulnerability is exploited by having a user open a maliciously-crafted pdf file, which can result in arbitrary code execution.

CVE-2021-21206 allows an adversary to use JavaScript to exploit the Blink rendering engine of the Chromium Browser that allows for execution of arbitrary code.

CVE-2021-21206 allows an adversary to use JavaScript to exploit the Blink rendering engine of the Chromium Browser that allows for execution of arbitrary code.

CVE-2021-30554 allows an adversary to use JavaScript to exploit WebGL component of the Chromium browser that allows for execution of arbitrary code.

CVE-2021-30554 allows an adversary to use JavaScript to exploit WebGL component of the Chromium browser that allows for execution of arbitrary code.

CVE-2021-37975 allows an adversary to use JavaScript to exploit the Chromium browser V8 JavaScript engine which allows for a write into the heap.

CVE-2021-37975 allows an adversary to use JavaScript to exploit the Chromium browser V8 JavaScript engine which allows for a write into the heap.

This vulnerability is exploited by an unprivileged attacker by conducting malicious activity in GPU memory, gaining access to already freed memory. If successful, the threat actor could escalate their privileges to root as well as gain access to sensitive information. Detailed information about how adversaries exploit the GPU are not publicly available.

This vulnerability is exploited by an unprivileged attacker by conducting malicious activity in GPU memory, gaining access to already freed memory. If successful, the threat actor could escalate their privileges to root as well as gain access to sensitive information. Detailed information about how adversaries exploit the GPU are not publicly available.

This use-after-free vulnerability is exploited in-the-wild by drive-by-download.

To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.

This vulnerability has been exploited in the wild by multiple different threat actors. Threat groups send phishing emails with URLs where maliciously-crafted javascript is hosted. This CVE has many mappable exploitation techniques and impacts. These adversaries using this exploit to deliver malicious payloads to the target machines establish DLL backdoors.

To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.

This vulnerability has been exploited in the wild by multiple different threat actors. Threat groups send phishing emails with URLs where maliciously-crafted javascript is hosted. This CVE has many mappable exploitation techniques and impacts. These adversaries using this exploit to deliver malicious payloads to the target machines establish DLL backdoors.

To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.

To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.

To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.

This vulnerability is exploited by an unprivileged attacker by conducting malicious activity in GPU memory, gaining access to already freed memory. If successful, the threat actor could escalate their privileges to root as well as gain access to sensitive information. Detailed information about how adversaries exploit the GPU are not publicly available.

The exploitation technique for this vulnerability is based on a vulnerability in Client software. In the wild, this was seen to be exploited by a malicious excel file. The observed goals of this exploit from Group 123 are remote access and data exfiltration.

The exploitation technique for this vulnerability is based on a vulnerability in Client software. In the wild, this was seen to be exploited by a malicious excel file. The observed goals of this exploit from Group 123 are remote access and data exfiltration. Installation of the remote access software could allow for a number of different secondary impacts. See the MITRE ATT&CK reference on the DOGCALL software for more information.

The exploitation technique for this vulnerability is based on a vulnerability in Client software. In the wild, this was seen to be exploited by a malicious excel file. The observed goals of this exploit from Group 123 are remote access and data exfiltration.

This exploit requires a user to open a malicious file. It can then result in execution of arbitrary code which could have any number of impacts.

This use-after-free vulnerability is exploited by having the user open a maliciously-crafted file. This CVE was observed to be exploited by the threat actor known as BlackOasis. The threat actor then installs command and control tools.

This use-after-free vulnerability is exploited by having the user open a maliciously-crafted file. This CVE was observed to be exploited by the threat actor known as BlackOasis.

This vulnerability is exploited by having a user open a maliciously-crafted pdf file, which can result in arbitrary code execution.

This vulnerability is exploited by having the user open a maliciously-crafted pdf file. In the wild, this has been observed to result in a malicious actor installing a custom executable on the victim's machine, and establishing communications.

This vulnerability is exploited by having the user open a maliciously-crafted pdf file. In the wild, this has been observed to result in a malicious actor installing a custom executable on the victim's machine, and establishing communications.

This vulnerability is exploited via a maliciously-crafted file.

This vulnerability is exploited by having users visit a maliciously website.

This vulnerability is exploited via a maliciously-crafted Word document, which then extracts the adversary's RAT tool.

This vulnerability is exploited via a maliciously-crafted Word document, which then extracts the adversary's RAT tool.

This vulnerability is exploited through an authentication bypass weakness in the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure. Remote attackers leverage this vulnerability to perform remote arbitrary code execution on the Pulse Connect Secure gateway by bypassing authentication controls. The threat actor group UNC2630 has utilized this flaw to harvest login credentials, allowing them to move laterally within affected environments.

This vulnerability is exploited through an authentication bypass weakness in the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure. Remote attackers leverage this vulnerability to perform remote arbitrary code execution on the Pulse Connect Secure gateway by bypassing authentication controls. The threat actor group UNC2630 has utilized this flaw to harvest login credentials, allowing them to move laterally within affected environments.

This vulnerability is exploited through an authentication bypass weakness in the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure. Remote attackers leverage this vulnerability to perform remote arbitrary code execution on the Pulse Connect Secure gateway by bypassing authentication controls. The threat actor group UNC2630 has utilized this flaw to harvest login credentials, allowing them to move laterally within affected environments.

CVE-2024-4671 is a use-after-free vulnerability where an adversary can perform a sandbox escape via a maliciously-crafted HTML page.

CVE-2024-4671 is a use-after-free vulnerability where an adversary can perform a sandbox escape via a maliciously-crafted HTML page.

This vulnerability has been exploited by a remote attacker to perform a sandbox escape via a crafted HTML page that allowed the attacker to exploit a heap corruption. This vulnerability was chained together with other CVEs during a spyware campaign performed by a customer or partner of a Spanish spyware company known as Variston IT.

This vulnerability has been exploited by a remote attacker to perform a sandbox escape via a crafted HTML page that allowed the attacker to exploit a heap corruption. This vulnerability was chained together with other CVEs during a spyware campaign performed by a customer or partner of a Spanish spyware company known as Variston IT.