Microsoft Windows suffers from a running object table register ROTFLAGS_ALLOWANYCLIENT privilege escalation vulnerability.
7824d2ba33b19311032329f4e36f8deaMicrosoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability.
77406ac2d1bdd9f30ebc46435d3c30c1The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges.
335be82ee5239bb58196243435177028The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.
827e5e747d1adace7588fea8541830f2Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.
53897bcfcd358cb90680438311e7af9fMicrosoft Windows suffers from a runtime broker ClipboardBroker privilege escalation vulnerability.
dd02594e7a493c6e99c615dcd3d00362Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability.
b802a922b61e418d924ea6774ca4bc38Microsoft Windows suffered from a CreateProcessAsUser impersonation token bypass vulnerability.
67e8190e6dfce495fb12b9be530a5f0fMicrosoft Windows suffers from a COM session moniker elevation of privilege vulnerability.
874f8adf85cf59c05d6c51147b5640ffMicrosoft Windows suffers from a limited bypass vulnerability related to traverse permissions in the kernel object manager.
1cf598749090c0ba990679adca1f5b3aThe VHDMP driver does not safely delete files leading to arbitrary file deletion which could result in elevation of privilege.
cf4781183ffb73a29c60d739b40269efThe VHDMP driver does not open physical disk drives securely when creating a new VHD leading to information disclosure and elevation of privilege by allowing a user to access data they should not have access to.
a811b9e9fd1f114f692f1e2497c401f9The VHDMP driver does not correctly handle impersonation levels leading to the possibility of impersonating a privileged token when performing certain actions such as creating/modifying a VHD leading to elevation of privilege.
aa7026f26462d80ce8c2c8e8aec38ed0The VHDMP driver does not safely create files related to Resilient Change Tracking leading to arbitrary file overwrites under user control leading to elevation of privilege.
ffa87b52eeaf7af18b7cf72474d60fefThe Linux subsystem on Windows suffers from a privilege escalation vulnerability that allows for arbitrary file and directory creation.
89ef94a56b1eee79bce2ee22bfdea4c5The isolated private namespace created by ierutils has a insecure DACL which allows any appcontainer process to gain elevated permissions on the namespace directory which could lead to elevation of privilege.
3a58a4a032f194f64df76ef97f1864ddThe isolated private namespace created by ierutils has an insecure boundary descriptor which allows any non-appcontainer sandbox process (such as chrome) or other users on the same system to gain elevated permissions on the namespace directory which could lead to elevation of privilege.
04ae222ed5d576af27590135025693eeNtLoadKeyEx takes a flag to open a registry hive read only, if one of the hive files cannot be opened for read access it will revert to write mode and also impersonate the calling process. This can leading to elevation of privilege if a user controlled hive is opened in a system service.
1df9217976f58a92f0a890a61a8508f2Windows suffers from an elevation of privilege vulnerability in the User Profile Service.
6d809c061e7b0de9c103632a0f395ecdThe fix for CVE-2016-3231 is insufficient to prevent a normal user specifying an insecure agent path leading to arbitrary DLL loading at system privileges.
c4ff8d0dc654ac405a128ddd41d0c703The Windows DeviceApi CMApi PiCMOpenClassKey IOCTL allows a normal user to create arbitrary registry keys in the system hive leading to elevation of privilege.
911d8189dbd28b3831aea3acd9cf75abThe Windows DFS Client driver and running by default insecurely creates and deletes drive letter symbolic links in the current user context leading to elevation of privilege.
6067edffeec1116597601eefb3a08a30The Windows DeviceApi CMApi PnpCtxRegOpenCurrentUserKey function doesn't check the impersonation level of the current effective token allowing a normal user to create arbitrary registry keys in another user's loaded hive leading to elevation of privilege.
e4cb23364b93db7f73f47786db17ed0bWhen performing an object name lookup it's possible exercise the worst case look up time for the object leading to a single lookup taking multiple minutes. This can prevent a process being terminated on logout which can be used to get access to other user sessions, especially on a terminal server leading to EoP.
402e271cbf31e9ffa53abd2f90b43f8bThe NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.
c98bf881446f8ad002f5877c3b3523e7
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed