Bug Bounties and CVE Credits

At one time, I was very interested in application security, especially application sandboxes. Here’re some CVEs and accolades collected during that time.

Reported and credited in 18 CVEs for Windows and Internt Explorer sandbox vulnerabilities (1, 2).

CVE-2015-0078 Win32k Elevation of Privilege Vulnerability
CVE-2015-1627 Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1688 Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1713 Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-2368 Windows DLL Remote Code Execution Vulnerability
CVE-2015-2402 Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-2412 Internet Explorer Information Disclosure Vulnerability
CVE-2015-2429 Microsoft Internet Explorer Registry Link Elevation of Privilege Vulnerability
CVE-2015-2429 Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability
CVE-2015-2429 Microsoft Internet Explorer CIERegistryHelper::SetSingleValue Sandbox Escape Vulnerability
CVE-2015-2430 Microsoft Internet Explorer Filesystem Elevation of Privilege Vulnerability
CVE-2015-2454 Microsoft Internet Explorer HelpPane Sandbox Bypass Vulnerability
CVE-2015-2550 Windows Elevation of Privilege Vulnerability
CVE-2015-6047 Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability
CVE-2015-6051 Microsoft Internet Explorer ShowSaveFileDialog Protected Mode Sandbox Escape Vulnerability
CVE-2016-0020 Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability
CVE-2016-3211 Microsoft Internet Explorer PerformDoDragDrop Protected Mode Sandbox Escape Vulnerability
MS15-056 Defense-in-depth in IE

For the above work, I was listed in the Top 50 security researchers for 2015 by Microsoft Security Response Center (MSRC).

Also shared the $1000 bounty and mentioned in The Chromium Projects Security Hall of Fame for a reporting a Chrome sandbox security bug.