what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files from Kyriakos Economou

First Active2014-02-12
Last Active2021-09-20
AMD Chipset Driver Information Disclosure / Memory Leak
Posted Sep 20, 2021
Authored by Kyriakos Economou | Site zeroperil.co.uk

ZeroPeril Ltd has discovered two issues inside the amdpsp.sys (v4.13.0.0) kernel driver module that ships with the AMD Chipset Drivers package for multiple AMD chipsets. The first issue is an information disclosure type security vulnerability and the second is a memory leak type bug due to insufficient releasing of all associated allocated resources upon request. The researchers have verified both in the latest Revision Number (2.13.27.501) of the package that was released the 4th of February 2021.

tags | advisory, kernel, memory leak, info disclosure
advisories | CVE-2021-26333
SHA-256 | d827c9bf70e10c8aa6de32322ba69539b034444015352799b800c077dfa9a502
Symantec Endpoint Protection Information Disclosure / Privilege Escalation
Posted Dec 6, 2019
Authored by Kyriakos Economou | Site labs.nettitude.com

A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.

tags | advisory, info disclosure
advisories | CVE-2019-12750
SHA-256 | ba684560b58492719e146b7962feca0b68d0d97a728a6b906962fa4a1fc92df6
Bitdefender GravityZone Installer Signature Bypass / Code Execution
Posted Oct 23, 2018
Authored by Kyriakos Economou | Site labs.nettitude.com

The Bitdefender GravityZone installer suffers from a signature bypass issue that allows for code execution.

tags | advisory, code execution
advisories | CVE-2018-8955
SHA-256 | fb4f2c303fb26dbec83a73792998329051382c1f4c7fca1e1fe8417ff62ba2e5
Sophos SafeGuard Priivlege Escalation
Posted Jul 4, 2018
Authored by Kyriakos Economou

Sophos SafeGuard Enterprise versions 8.00.4 and earlier, SafeGuard Easy versions 7.00.2.35 and earlier, and SafeGuard LAN Crypt versions 3.95.1.13 and earlier suffer from privilege escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2018-6851, CVE-2018-6852, CVE-2018-6853, CVE-2018-6854, CVE-2018-6855, CVE-2018-6856, CVE-2018-6857
SHA-256 | 9d5c7e91f7c46dfdf969ae19225d278303fd9a6345ad15d65c8e24018ea0b127
Symantec Encryption Desktop And Endpoint Encryption Local Privilege Escalation
Posted Dec 1, 2017
Authored by Kyriakos Economou

Vulnerabilities in Symantec Encryption Desktop and Endpoint Encryption allow an attacker to attain arbitrary hard disk read and write access at sector level, and subsequently infect the target and gain low level persistence (MBR/VBR). They also allow the attacker to execute code in the context of the built-in SYSTEM user account, without requiring a reboot.

tags | advisory, arbitrary, vulnerability
SHA-256 | c552a0d5a2f17481d112b351045fec72aa1777dac0c1e90c745138d741a25e68
nt!_SEP_TOKEN_PRIVILEGES Single Write EoP Protection
Posted Apr 21, 2017
Authored by Kyriakos Economou

This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 they are checked against the privileges present in the token of the calling process so an attacker needs to use two writes.

tags | paper, kernel
SHA-256 | c9bce4e23ea1292a32341faf837c4893b70736ec88069aa0e359dff8ea63548c
Avast! Sandbox Escape
Posted Apr 19, 2016
Authored by Kyriakos Economou

A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by dropping its files out of it and/or by modifying existing legitimate files of any type. Affected products include Avast Internet Security v11.x.x, Avast Pro Antivirus v11.x.x, Avast Premier v11.x.x, Avast Free Antivirus v11.x.x, Avast Business Security v11.x.x, Avast Endpoint Protection v8.x.x, Avast Endpoint Protection Plus v8.x.x, Avast Endpoint Protection Suite v8.x.x, Avast Endpoint Protection Suite Plus v8.x.x, Avast File Server Security v8.x.x, and Avast Email Server Security v8.x.x.

tags | advisory
advisories | CVE-2016-4025
SHA-256 | 7fd3ef05288e1690d62a92d2e2d6b6fd6cc0392156eb537960ff2d8cc0ea7037
Panda Security URL Filtering Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Security URL Filtering versions prior to 4.3.1.9 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2015-7378
SHA-256 | 3190c8010d3158046fed24fe39c4f0bba14a6dceff1ddf7ffb4f75cf4b6b29ab
Panda Endpoint Administration Agent Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Endpoint Administration Agent versions prior to 7.50.00 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2016-3943
SHA-256 | a9b0b633852d1bfa15f74b01a50238f33b6bea360eb3c5eb3d8a877bc3f67c15
Avast 11.1.2245 Heap Overflow
Posted Feb 21, 2016
Authored by Kyriakos Economou

Avast versions 11.1.2245 and below suffer from a heap overflow bug in the Avast Virtualization kernel mode driver (aswSnx.sys).

tags | advisory, overflow, kernel
advisories | CVE-2015-8620
SHA-256 | 2c796139cc9e2722f6b6c01834bdd5bbb89e28eec134eb6c447b41be2bb893a4
NDI5aster - Privilege Escalation Through NDIS 5.x Filter Intermediate Drivers
Posted Feb 6, 2016
Authored by Kyriakos Economou

The Network Driver Interface Specification (NDIS) provides a programming interface specification that facilitates from the network driver architecture perspective the communication between a protocol driver and the underlying network adapter. In Windows OS the so called "NDIS wrapper" (implemented in the Ndis.sys) provides a programming layer of communication between network protocols (TCP/IP) and all the underlying NDIS device drivers so that the implementation of high-level protocol components are independent of the network adapter itself. During vulnerability research from a local security perspective that was performed over several software firewall products designed for Windows XP and Windows Server 2003 (R2 included), an issue during the loading and initialization of one of the OS NDIS protocol drivers was identified; specifically the 'Remote Access and Routing Driver' called wanarp.sys. This issue can be exploited through various NDIS 5.x filter intermediate drivers that provide the firewall functionality of several security related products. The resulting impact is vertical privilege escalation which allows a local attacker to execute code with kernel privileges from any account type, thus completely compromising the affected host.

tags | paper, remote, kernel, local, tcp, protocol
systems | windows
SHA-256 | 730dfd4333f38eeac096e605cfc535fc646d5e90e3533d3a53e73d4707bb7d53
McAfee File Lock Driver Host Crash
Posted Jan 28, 2016
Authored by Kyriakos Economou

McAfee File Lock Driver does not handle correctly GUIDs of the encrypted vaults, which allows to crash the host by crafting a specific IOCTL with a malformed Vault GUID which is used to identify an object of FILE_DEVICE_DISK DeviceType, causing a kernel stack based buffer overflow. McPvDrv.sys version 4.6.111.0 is vulnerable.

tags | advisory, denial of service, overflow, kernel
advisories | CVE-2015-8773
SHA-256 | 630b8a3d4523538ded4d87575e898edf1599ae13e6a4b1b0f4e7d8231325f5d6
McAfee File Lock Driver Kernel Memory Leak
Posted Jan 28, 2016
Authored by Kyriakos Economou

McAfee File Lock Driver McPvDrv.sys version 4.6.111.0 suffers from a memory leak vulnerability.

tags | advisory, memory leak
advisories | CVE-2015-8772
SHA-256 | 04c8d5c31b7ee243b018718bfc3219e46bdaa41850c8c43eb7249df641e6d335
Panda Security 1.0.0.13 Arbitrary Code Execution
Posted Jul 14, 2015
Authored by Kyriakos Economou | Site portcullis-security.com

Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer.

tags | advisory, kernel
advisories | CVE-2015-1438
SHA-256 | 017a81162eb94fe7a9a71b19ac47e7b58ea849b57dcaba936c68c4e615a3aa90
Panda Security 1.0.0.13 Memory Corruption
Posted Jul 11, 2015
Authored by Kyriakos Economou | Site portcullis-security.com

Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer. Version 1.0.0.13 is affected.

tags | advisory, kernel
advisories | CVE-2015-1438
SHA-256 | eab4ee724270c93a18fa3a73a94be01509bfed60588585695b11e21975000fa3
K7 Computing Multiple Products K7Sentry.sys Out-Of-Bounds Write
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Latest, and possibly earlier versions of K7Sentry.sys kernel mode driver, also named as the 'K7AV Sentry DeviceDriver', suffers from an out-of-bounds write condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results into vertical privilege escalation.

tags | advisory, kernel
advisories | CVE-2014-8956
SHA-256 | 6ae24cdc2a10bd71691607ae39c1e9f6b50c8cf29c8b4c8a7f48bca25d729187
K7 Computing Multiple Products Null Pointer Dereference
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

K7Sentry.sys kernel mode driver version 12.8.0.104 suffers from a null pointer dereference vulnerability.

tags | advisory, kernel
advisories | CVE-2014-8608
SHA-256 | bba500e92fa30973d660f8038bd80dd3b8ce9f1800b630163a16a0ea6de85d50
K7 Computing Multiple Products K7FWFilt.sys Privilege Escalation
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Latest, and possibly earlier versions of K7FWFilt.sys kernel mode driver, also named as the 'K7Firewall Packet Driver', suffers from a heap overflow condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results in vertical privilege escalation.

tags | advisory, overflow, kernel
advisories | CVE-2014-7136
SHA-256 | 5f70f46819ed69a70be4689425f0203bacc85b239ad8f355847971ce2417afee
Faronics Deep Freeze Arbitrary Code Execution
Posted Nov 19, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Faronics Deep Freeze Standard and Enterprise suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-2382
SHA-256 | 27fb76254363929ae6c1caac2afa6005830a4d1520926bd16a9b059055f1e885
ESET 7.0 Kernel Memory Leak
Posted Oct 28, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.

tags | advisory, kernel, memory leak
advisories | CVE-2014-4974
SHA-256 | 8b5888960f4d9b82098187fccdeffd23d87b222ac084d8ed2407392d581bf827
Panda Security 2014 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.

tags | advisory, overflow
advisories | CVE-2014-5307
SHA-256 | ee7570db291ac19c2cacdd5efdcf59e3ad74d5faf572b58900607b82cf340cd4
ESET Windows Products 7.0 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.

tags | advisory
systems | windows
advisories | CVE-2014-4973
SHA-256 | dece2baa665e8eaa6eefd41fcb60bffa50108ef2c1df166fbc98dc57cbe85529
G Data TotalProtection 2014 Code Execution
Posted Jun 25, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

G Data TotalProtection 2014 version 24.0.2.1 suffers from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-3752
SHA-256 | d13c4d1c5599bcffe508e75fe31ffdd878a567e0ff4fc55a9e3ea8326e575583
Panda Security Privilege Escalation
Posted May 21, 2014
Authored by Kyriakos Economou

All users of the following (and possibly earlier) versions of Panda security products for Windows are vulnerable to a local privilege escalation which allows a local attacker to elevate privileges from any account type and execute code as SYSTEM, thus obtaining full access over the compromised host.

tags | advisory, local
systems | windows
advisories | CVE-2014-3450
SHA-256 | bd05592c98a9bbeefe7ba5ee744232314670a99e8285c1dafadcf505cd119f51
PCNetSoftware RAC Server 4.0.4 / 4.0.5 Denial Of Service
Posted Apr 16, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

PCNetSoftware RAC server versions 4.0.4 and 4.0.5 suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2014-2597
SHA-256 | 12bb65a7bc6783dea9e1ade46281f4de7f58d684482c5c0ea3f406da057f11bf
Page 1 of 2
Back12Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close