Exodus Intelligence
blog.exodusintel.com › home › adobe acrobat reader escript.api use-after-free remote code execution
Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution - Exodus Intelligence
June 2, 2026 - Trigger the Use-After-Free – Leverage the bug to create a dangling pointer in the event scope stack, then trigger the garbage collector to free the scoped object while a scope stack entry still holds a reference to it.
Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
For information edit: To what extent is this related to IPFire? edit2 Small supplement More on community.ipfire.org
How can "use after free" exploit lead into execution of code?
if the memory has been previously freed, you are now ok to write it by allocating your own objects (heap spray). if you can overwrite a function pointer within the old object i.e. the vtable for a C++ object, you can then cause arbitrary code execution when the object is next used and the function pointer is called. More on reddit.com
Foxit PDF Reader - Use after Free - Remote Code Execution Exploit
As much as I hate Adobe from an enterprise standpoint the alternatives are shockingly bad More on reddit.com
Python IDE that connects to a remote server
Looks like PyCharm can do it. Remote interpreter https://www.jetbrains.com/pycharm/quickstart/index.html
More on reddit.comWhat Is Arbitrary Code Execution?
ACE is a critical security concern because it allows an attacker to execute commands that affect the host system without restriction. Attackers can leverage this execution privilege to install malware, create backdoors, or gain persistent access to sensitive environments. There are several common vulnerabilities that lead to ACE, including deserialization, the LDD command (list dynamic dependencies) in Linux systems, memory safety issues, and type confusion.
aquasec.com
aquasec.com › home › cloud attacks › arbitrary code execution
Arbitrary Code Execution: 6 Attack Examples and Mitigation Steps
Can use-after-free vulnerabilities be exploited remotely?
Yes. When a UAF vulnerability exists in software that processes untrusted input, such as a web browser rendering a malicious webpage, an attacker can trigger the exploit remotely without physical access to the endpoint. Browser-based UAF exploits are among the most common remote attack vectors.
automox.com
automox.com › blog › vulnerability-definition-use-after-free
What Is a Use-After-Free Vulnerability? | Automox
How serious are use-after-free vulnerabilities?
Very serious. MITRE ranked use-after-free as the fourth most dangerous software weakness in 2024. These vulnerabilities frequently lead to remote code execution with elevated privileges, making them high-priority targets for both attackers and patch management teams.
automox.com
automox.com › blog › vulnerability-definition-use-after-free
What Is a Use-After-Free Vulnerability? | Automox
Snyk Learn
learn.snyk.io › home › security education › use after free vulnerability | tutorial & examples
Use after free vulnerability | Tutorial & Examples | Snyk Learn
September 28, 2023 - UAF bugs occur when a program continues to access a memory location after the memory has been freed or deallocated. This can lead to unexpected behavior, crashes or even security vulnerabilities such as remote code execution or privilege escalation.
Medium
expl0it32.medium.com › demystifying-use-after-free-vulnerabilities-a-deep-dive-into-memory-safety-issues-78ee7f8d44c2
Demystifying Use-After-Free Vulnerabilities: A Deep Dive into Memory Safety Issues | by eXpl0it_32 | Medium
April 23, 2025 - Memory Corruption: The memory that was freed might be reused for different purposes. If the program accesses this region, it could inadvertently corrupt data. Remote Code Execution: In some cases, especially with function pointers or vtable entries (used in polymorphism), attackers can exploit UAF bugs to overwrite critical data and execute arbitrary code, escalating privileges.
Trend Micro
trendmicro.com › vinfo › us › threat-encyclopedia › vulnerability › 1558 › webkit-element-runin-styling-useafterfree-remote-code-execution-vulnerability
WebKit Element Run-In Styling Use-After-Free Remote Code Execution Vulnerability - Threat Encyclopedia
July 21, 2015 - Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
MITRE
cwe.mitre.org › data › definitions › 416.html
CWE-416: Use After Free - Common Weakness Enumeration
Common Weakness Enumeration (CWE) is a list of software weaknesses.
CVE Details
cvedetails.com › bugtraq-bid › 52159 › Dropbear-SSH-Server-Use-After-Free-Remote-Code-Execution-Vul.html
CVE security vulnerability database. Security vulnerabilities, exploits, references and more
CVEDetails.com is a vulnerability intelligence solution providing CVE security vulnerability database, exploits, advisories, product and CVE risk scores, attack surface intelligence, open source vulnerabilities, code changes, vulnerabilities affecting your attack surface and software inventory/tech stack.
SecureFlag
blog.secureflag.com › 2025 › 11 › 21 › what-is-remote-code-execution
What Is Remote Code Execution? A Quick Guide | SecureFlag
November 21, 2025 - Even strong network segmentation or perimeter controls can fail if one internal service has a flaw that allows remote code execution. As mentioned earlier, a recent Redis attack shows how RCE vulnerabilities can hide in plain sight. Last month, researchers disclosed RediShell, a use-after-free ...
Trend Micro
trendmicro.com › vinfo › sg › threat-encyclopedia › vulnerability › 7705 › php-use-after-free-remote-code-execution-vulnerability-cve-2016-7479
PHP Use After Free Remote Code Execution Vulnerability (CVE-2016-7479) - Threat Encyclopedia | Trend Micro (SG)
PHP is prone to a use after free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications.
Firewalls.com
firewalls.com › home › use after free (uaf)
Use After Free (UAF) - Firewalls.com
November 25, 2019 - Use After Free (UAF) refers to ... it (or freed) – after that memory has been assigned to another application. This can cause crashes and data to be inadvertently overwritten, or in cyber attack scenarios can lead to arbitrary code execution or allow an attacker to gain remote code execution ...
Tenable
tenable.com › plugins › nessus › 104815
Exim < 4.89.1 Use-After-Free BDAT Remote Code Execution<!-- --> | Tenable®
According to its banner and supported extensions, the remote installation of Exim is affected by a code execution flaw. The implementation of the BDAT SMTP verb for sending large binary messages introduced in Exim 4.88 can incorrectly free an in-use region of memory, leading to memory corruption and potentially allowing an attacker to execute code.
Reddit
reddit.com › r/pentesting › how can "use after free" exploit lead into execution of code?
r/Pentesting on Reddit: How can "use after free" exploit lead into execution of code?
June 18, 2020 -
Recently I tried to use one of the "vm escape" exploits on a vm which provides code execution on the host operating system. The exploit itself was based on the fact that there is a "use after free" case in the "drag and drop" mechanism of vmware ( i listed the cve below ).
Though I understand the "use after free" bug, I couldn't realize how it lead into code execution.
So if it wasn't clear from the story, my question is how can "use after free" bug lead into code execution?
The cve i referring: https://www.exploit-db.com/exploits/44533
Linux Security
linuxsecurity.com › features › what-is-a-use-after-free-uaf-vulnerability
Use After Free Vulnerability in Linux Servers: Risks and Mitigation
August 14, 2025 - If left unresolved, use after free vulnerabilities pose severe risks. At their most benign, these bugs destabilize the system, resulting in random crashes or reboots. At their worst, unpatched UAFs lead to: Privilege Escalation: Attackers can execute code with kernel-level privileges, effectively compromising the entire system. Data Leakage: Sensitive data may reside in deallocated memory areas, exposing secrets to unauthorized users. System Takeover: Remote code execution (RCE) exploits are not uncommon, giving attackers full control over targeted services.
DevSecOps Now!!!
devsecopsnow.com › home › what is use after free? meaning, examples, use cases & complete guide
What is use after free? Meaning, Examples, Use Cases & Complete Guide - DevSecOps Now!!!
February 21, 2026 - Remote exploit: UAF in a protocol parser allows attacker to execute code on a container host. Sidecar destabilization: a logging agent with UAF causes entire pod to restart repeatedly. Cold-start failure: serverless function fails to initialize due to UAF in native library loaded at startup.