How about this heap overflow bug in the UEFI bitmap (BMP) library: https://nvd.nist.gov/vuln/detail/CVE-2021-38577 Exploitable via network, no user interaction and no special privileges required. Scores 9.8 on a scale…
Ya'll ain't seen nothing yet. For a time the leading UEFI vendor, Phoenix Technologies, had a web browser in their UEFI BIOS. Some photos from WinHEC 2005 can be seen here: https://www.anandtech.com/show/1670/8 This was…
How about this heap overflow bug in the UEFI bitmap (BMP) library: https://nvd.nist.gov/vuln/detail/CVE-2021-38577 Exploitable via network, no user interaction and no special privileges required. Scores 9.8 on a scale…
Ya'll ain't seen nothing yet. For a time the leading UEFI vendor, Phoenix Technologies, had a web browser in their UEFI BIOS. Some photos from WinHEC 2005 can be seen here: https://www.anandtech.com/show/1670/8 This was…