Exploit the possiblities
Showing 1 - 24 of 24 RSS Feed

Files from Kyriakos Economou

First Active2014-02-12
Last Active2017-12-01
Symantec Encryption Desktop And Endpoint Encryption Local Privilege Escalation
Posted Dec 1, 2017
Authored by Kyriakos Economou

Vulnerabilities in Symantec Encryption Desktop and Endpoint Encryption allow an attacker to attain arbitrary hard disk read and write access at sector level, and subsequently infect the target and gain low level persistence (MBR/VBR). They also allow the attacker to execute code in the context of the built-in SYSTEM user account, without requiring a reboot.

tags | advisory, arbitrary, vulnerability
MD5 | 752b5f20f45e330229cf021d93af510f
nt!_SEP_TOKEN_PRIVILEGES Single Write EoP Protection
Posted Apr 21, 2017
Authored by Kyriakos Economou

This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 they are checked against the privileges present in the token of the calling process so an attacker needs to use two writes.

tags | paper, kernel
MD5 | 30228610ed457bed8670b8f3dcfdd1b6
Avast! Sandbox Escape
Posted Apr 19, 2016
Authored by Kyriakos Economou

A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by dropping its files out of it and/or by modifying existing legitimate files of any type. Affected products include Avast Internet Security v11.x.x, Avast Pro Antivirus v11.x.x, Avast Premier v11.x.x, Avast Free Antivirus v11.x.x, Avast Business Security v11.x.x, Avast Endpoint Protection v8.x.x, Avast Endpoint Protection Plus v8.x.x, Avast Endpoint Protection Suite v8.x.x, Avast Endpoint Protection Suite Plus v8.x.x, Avast File Server Security v8.x.x, and Avast Email Server Security v8.x.x.

tags | advisory
advisories | CVE-2016-4025
MD5 | 664e59e8c6c87a191067114b0acfae1c
Panda Security URL Filtering Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Security URL Filtering versions prior to 4.3.1.9 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2015-7378
MD5 | 8de4a1b0c3c187a6a2da1b6c123aed76
Panda Endpoint Administration Agent Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Endpoint Administration Agent versions prior to 7.50.00 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2016-3943
MD5 | 35f46b82439c8a818c276df662df6752
Avast 11.1.2245 Heap Overflow
Posted Feb 21, 2016
Authored by Kyriakos Economou

Avast versions 11.1.2245 and below suffer from a heap overflow bug in the Avast Virtualization kernel mode driver (aswSnx.sys).

tags | advisory, overflow, kernel
advisories | CVE-2015-8620
MD5 | 6127c57faed270d3bdc04b3747c68c28
NDI5aster - Privilege Escalation Through NDIS 5.x Filter Intermediate Drivers
Posted Feb 6, 2016
Authored by Kyriakos Economou

The Network Driver Interface Specification (NDIS) provides a programming interface specification that facilitates from the network driver architecture perspective the communication between a protocol driver and the underlying network adapter. In Windows OS the so called "NDIS wrapper" (implemented in the Ndis.sys) provides a programming layer of communication between network protocols (TCP/IP) and all the underlying NDIS device drivers so that the implementation of high-level protocol components are independent of the network adapter itself. During vulnerability research from a local security perspective that was performed over several software firewall products designed for Windows XP and Windows Server 2003 (R2 included), an issue during the loading and initialization of one of the OS NDIS protocol drivers was identified; specifically the 'Remote Access and Routing Driver' called wanarp.sys. This issue can be exploited through various NDIS 5.x filter intermediate drivers that provide the firewall functionality of several security related products. The resulting impact is vertical privilege escalation which allows a local attacker to execute code with kernel privileges from any account type, thus completely compromising the affected host.

tags | paper, remote, kernel, local, tcp, protocol
systems | windows, xp
MD5 | 7a760729b05fa6f6f5af09e62c2775ca
McAfee File Lock Driver Host Crash
Posted Jan 28, 2016
Authored by Kyriakos Economou

McAfee File Lock Driver does not handle correctly GUIDs of the encrypted vaults, which allows to crash the host by crafting a specific IOCTL with a malformed Vault GUID which is used to identify an object of FILE_DEVICE_DISK DeviceType, causing a kernel stack based buffer overflow. McPvDrv.sys version 4.6.111.0 is vulnerable.

tags | advisory, denial of service, overflow, kernel
advisories | CVE-2015-8773
MD5 | e956c36e5ad9c07df96e9452ace2537d
McAfee File Lock Driver Kernel Memory Leak
Posted Jan 28, 2016
Authored by Kyriakos Economou

McAfee File Lock Driver McPvDrv.sys version 4.6.111.0 suffers from a memory leak vulnerability.

tags | advisory, memory leak
advisories | CVE-2015-8772
MD5 | c03f67a6675ef183de0bccbe3a81ea82
Panda Security 1.0.0.13 Arbitrary Code Execution
Posted Jul 14, 2015
Authored by Kyriakos Economou | Site portcullis-security.com

Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer.

tags | advisory, kernel
advisories | CVE-2015-1438
MD5 | ca41952973e33863bbff5456e8d6c432
Panda Security 1.0.0.13 Memory Corruption
Posted Jul 11, 2015
Authored by Kyriakos Economou | Site portcullis-security.com

Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer. Version 1.0.0.13 is affected.

tags | advisory, kernel
advisories | CVE-2015-1438
MD5 | 9dad8fad5c83c04e8f6cddbbc6cb6315
K7 Computing Multiple Products K7Sentry.sys Out-Of-Bounds Write
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Latest, and possibly earlier versions of K7Sentry.sys kernel mode driver, also named as the 'K7AV Sentry DeviceDriver', suffers from an out-of-bounds write condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results into vertical privilege escalation.

tags | advisory, kernel
advisories | CVE-2014-8956
MD5 | 956ce09feb65942d846b3c4289b18b37
K7 Computing Multiple Products Null Pointer Dereference
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

K7Sentry.sys kernel mode driver version 12.8.0.104 suffers from a null pointer dereference vulnerability.

tags | advisory, kernel
advisories | CVE-2014-8608
MD5 | f551bcf8c70d643944d917c9bea78db8
K7 Computing Multiple Products K7FWFilt.sys Privilege Escalation
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Latest, and possibly earlier versions of K7FWFilt.sys kernel mode driver, also named as the 'K7Firewall Packet Driver', suffers from a heap overflow condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results in vertical privilege escalation.

tags | advisory, overflow, kernel
advisories | CVE-2014-7136
MD5 | 6c74b0a692b7c8164e09996bae322996
Faronics Deep Freeze Arbitrary Code Execution
Posted Nov 19, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Faronics Deep Freeze Standard and Enterprise suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-2382
MD5 | 3bd8a034d285c2f3bef972f16de36799
ESET 7.0 Kernel Memory Leak
Posted Oct 28, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.

tags | advisory, kernel, memory leak
advisories | CVE-2014-4974
MD5 | 0d7f4a310a0cbb23addfe9d0190134ec
Panda Security 2014 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.

tags | advisory, overflow
advisories | CVE-2014-5307
MD5 | 93162c683df784e9a518eecbe43310d6
ESET Windows Products 7.0 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.

tags | advisory
systems | windows
advisories | CVE-2014-4973
MD5 | 8086a470c366dafba90bdbe66a6a7f3d
G Data TotalProtection 2014 Code Execution
Posted Jun 25, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

G Data TotalProtection 2014 version 24.0.2.1 suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-3752
MD5 | eaf678b5f91e58bb6893825ee79fe3e0
Panda Security Privilege Escalation
Posted May 21, 2014
Authored by Kyriakos Economou

All users of the following (and possibly earlier) versions of Panda security products for Windows are vulnerable to a local privilege escalation which allows a local attacker to elevate privileges from any account type and execute code as SYSTEM, thus obtaining full access over the compromised host.

tags | advisory, local
systems | windows
advisories | CVE-2014-3450
MD5 | 91c58073445ef0c9fd5e5e62ffee6924
PCNetSoftware RAC Server 4.0.4 / 4.0.5 Denial Of Service
Posted Apr 16, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

PCNetSoftware RAC server versions 4.0.4 and 4.0.5 suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2014-2597
MD5 | f24aa2c41d9abc04798c408745480dd3
VMware Workstation / Player Invalid Pointer Dereference
Posted Apr 12, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

VMware WorkStation version 10.0.1 build-1379776 and VMware Player version 6.0.1 build-1379776 suffer from an invalid pointer dereference vulnerability.

tags | advisory
advisories | CVE-2014-2384
MD5 | 9ab0e5baa880b62cc229b4d0b1f66b95
Core FTP Server 1.2 Build 505 Code Execution
Posted Feb 20, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.

tags | advisory, local, code execution
advisories | CVE-2014-1215
MD5 | 83664bebc1aa0e124107072091dc0a1a
Dameware 10.0.0.372 Code Execution
Posted Feb 12, 2014
Authored by Kyriakos Economou

Dameware version 10.0.0.372 suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
MD5 | 0f1b61ee3c10a0e347a645514d290a4d
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close