Microsoft Windows suffers from a running object table register ROTFLAGS_ALLOWANYCLIENT privilege escalation vulnerability.
36f03383066ee290d05c378c215e41fa232689f697acdd92d4113874ffffea27Microsoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability.
7d9306b31056624843b7596903b03f2850b51e4cdcc0f3b35afc516f0af1bec5The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges.
648ba1e2f3e829a53ac3a224f73958fcb62fd2097a728a0530b0740b66b425dcThe process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.
354c5c8d7eae3710b64e963597225ed3690fa9c1db8f9c46391d756eae87a99dMicrosoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.
430a53cd94edd4e0e498a42cca519bca58b5345139e6f34fe55a3fac5ac08ac8Microsoft Windows suffers from a runtime broker ClipboardBroker privilege escalation vulnerability.
7c916e43984e060a2ac3129f24b582d32092c2278a75ff95dfbfab95fd72d2cfMicrosoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability.
2191c2cf58409ae65a711b869567e7f0086659f623a87e56f5ca19199ab839a9Microsoft Windows suffered from a CreateProcessAsUser impersonation token bypass vulnerability.
09f6d702f3536cf0e173c3346be71a21c9c9b6fc330fd573ea7a94b7397fe040Microsoft Windows suffers from a COM session moniker elevation of privilege vulnerability.
dd8361b04b08bf0bdeff67321f010c8cc76f0542fe2db8f9df10c34ea03bfa2aMicrosoft Windows suffers from a limited bypass vulnerability related to traverse permissions in the kernel object manager.
32be7de6302ee4b217899cde65689522ab4b525ef091f369b88b8e92da8f7841The VHDMP driver does not safely delete files leading to arbitrary file deletion which could result in elevation of privilege.
83a9ca054e84e9cb0b4edffe665f32711fdddafa66cced5b63b30ba0907cfc2fThe VHDMP driver does not open physical disk drives securely when creating a new VHD leading to information disclosure and elevation of privilege by allowing a user to access data they should not have access to.
ece66dd4e9a21d845f73e76160ee3d7d4ddb8db78f87bb255a2a71718d6d508cThe VHDMP driver does not correctly handle impersonation levels leading to the possibility of impersonating a privileged token when performing certain actions such as creating/modifying a VHD leading to elevation of privilege.
2dd3df095b5f804e247c897db2ccee0b7686f6aba635737c00ff269c7dd3eef9The VHDMP driver does not safely create files related to Resilient Change Tracking leading to arbitrary file overwrites under user control leading to elevation of privilege.
47779f4011b5478d641f7b65e43f21241798700a262c616442aaa6c5144cb4a7The Linux subsystem on Windows suffers from a privilege escalation vulnerability that allows for arbitrary file and directory creation.
576672403eb9b021c3d3d7f01650822ca7bdd66497b93e4ba6035db60fe0ad18The isolated private namespace created by ierutils has a insecure DACL which allows any appcontainer process to gain elevated permissions on the namespace directory which could lead to elevation of privilege.
91dd2dafe62503e1402e801a11454398d381c47becea95deca59b0c271104cabThe isolated private namespace created by ierutils has an insecure boundary descriptor which allows any non-appcontainer sandbox process (such as chrome) or other users on the same system to gain elevated permissions on the namespace directory which could lead to elevation of privilege.
68f3b1ea316257c0328816712b240f725ef353f02ec723df39644a2236351e6bNtLoadKeyEx takes a flag to open a registry hive read only, if one of the hive files cannot be opened for read access it will revert to write mode and also impersonate the calling process. This can leading to elevation of privilege if a user controlled hive is opened in a system service.
1a8fcebf49504f53a251ec53b447f0516cf99661d4e5a20f9ace8c025cf0207bWindows suffers from an elevation of privilege vulnerability in the User Profile Service.
97b457125a6643a868963d6ea9692fdd8632b5b0be62f70275a4468c594484f5The fix for CVE-2016-3231 is insufficient to prevent a normal user specifying an insecure agent path leading to arbitrary DLL loading at system privileges.
8e920030b310b6dcf311c06b2b2e41ac897452fca01c6548f5350cbbaaf2d80cThe Windows DeviceApi CMApi PiCMOpenClassKey IOCTL allows a normal user to create arbitrary registry keys in the system hive leading to elevation of privilege.
9ed3cfad5f45a4826c3f4edfa4a900d6907941eae3d340562b9af0050fae92aeThe Windows DFS Client driver and running by default insecurely creates and deletes drive letter symbolic links in the current user context leading to elevation of privilege.
2638bfd1a02a94d1b2488c6813b4f4ecdb4390e08d2e42f584071f01073adce4The Windows DeviceApi CMApi PnpCtxRegOpenCurrentUserKey function doesn't check the impersonation level of the current effective token allowing a normal user to create arbitrary registry keys in another user's loaded hive leading to elevation of privilege.
2e1231f4bf4a445eede4130d674c86c027caab38c9470a664b4e7bdf8a7fe1eaWhen performing an object name lookup it's possible exercise the worst case look up time for the object leading to a single lookup taking multiple minutes. This can prevent a process being terminated on logout which can be used to get access to other user sessions, especially on a terminal server leading to EoP.
efafe27080f86d8c27daddca22497099ebc4caecbbe30af4c6f96f0137730c4bThe NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.
8d30ef721f9061806e06019063b62bba9b734dca044a593c1486cd66752e5a4c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed