The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx.
371f9505662bb6a768bb624f24a62e46fef4ad9feab889c6189fe75092e31989Predefined keys in the Microsoft Windows Registry may lead to confused deputy problems and local privilege escalation.
a4c3435d9c5e52f576c70ff4db3da2de108e219bbd349f1ce79de1a81c042945Any unprivileged, local user in Microsoft Windows can disclose whether a specific file, directory or registry key exists in the system or not, even if they do not have the open right to it or enumerate right to its parent.
eba081f5682137a596749db83d8591dfa5e5d9dffadba5ca011381bdd72018c4The Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.
8cf51c7afd8e880ffabc644d09f791fed4bac36689d7102f629eb746b2c13124The Microsoft Windows Kernel has a time-of-check / time-of-use issue in verifying layered key security which may lead to information disclosure from privileged registry keys.
d827eb89d09814af2562b27f8d81aceb5f4a617c3fbb070846fd5b39ebfaa03eThe Microsoft Windows kernel suffers from a containerized registry escape through integer overflows in VrpBuildKeyPath and other weaknesses.
c1feae840787713bb89848cc8ba310ff0f5a1d43e23d59e1de207223ba6d1278The Microsoft Windows Kernel suffers from out-of-bounds reads and paged pool memory disclosure in VrpUpdateKeyInformation.
c87a5d6aa220b6741ae4904759814e063965888e7a3ac2b1614f1cd3581ff6a2The Microsoft Windows Kernel suffers from a paged pool memory disclosure in VrpPostEnumerateKey.
349851510cbd7d10a7c2d7d53d9ff2f6105bc83bca4a0b424c2ec5e16ae09df1The Microsoft Windows Kernel passes user-mode pointers to registry callbacks, leading to race conditions and memory corruption.
57a9fd976b42cf097a3782222d89382836eb91d0a5a6fd4b8b16b49f2a40d715The Microsoft Windows kernel does not reset security cache during self-healing, leading to refcount overflow and use-after-free conditions.
4eb4fd48ea37a8b3e89dd2a59229350611f16a4367ff0dcf43fef634da02c00cThe Microsoft Windows Kernel has an issue where a partial success of registry hive log recovery may lead to inconsistent state and memory corruption.
8d90d52ff176f1f9884d9ffea04d9338aa0c0d819ae01d9535ea91d209a17c4fThe Microsoft Windows Kernel suffers from out-of-bounds reads due to an integer overflow in registry .LOG file parsing.
2cb8dc117b540fd74b32ad5e82a39042ad150a5cea6b1be9d4e6170722bb1281Microsoft Windows Kernel renaming layered keys does not reference count security descriptors, leading to a use-after-free condition.
07ccb330f6ce87a10f6763766477dee076f0af9a3d5ca41262bb308dae53fe47The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free.
a393bdd205b55a25a4010667d7d283c1bd373af4b7bb30a36f33608cf1edeb3fThe Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.
b39149935b26f2a93874ead5ff16c8bafcc4acc7b2b341ba68ed2751bb86aa82The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.
7b5280c111b616102ccc14ddef413c7f8bbeeb1ba04df2aa047b88bdfe97d452There is a Microsoft Windows Kernel arbitrary read that can be performed by accessing predefined keys through differencing hives.
492807027a3cf7a8d886110c04d56bed4abbb83ec85e31ab445e48ddc7826fceDue to some design problems in how transactions are implemented in the registry, it is possible for a low-privileged local attacker to force a non-atomic outcome of a transaction used by another high-privileged process in the system.
b0795c7263336afd69a53bbf47a57747eb1f8d4323fcb570f007bee06c510954The Windows kernel suffers from out-of-bounds read vulnerabilities when operating on invalid registry paths in CmpDoReDoCreateKey / CmpDoReOpenTransKey.
76ec9aa7a319065af82cafdd465533228021c8f1589b7dfe874c3ed0033910d0The Windows Kernel suffers from a disclosure of kernel pointers and uninitialized memory through registry KTM transaction log files.
d28ae7b6f77689b87212fa778ce097dbeda0292d731f4abdb493b75f067884e7In Windows Registry, security descriptors are shared by multiple keys, and thus reference counted via the _CM_KEY_SECURITY.ReferenceCount field. It is critical for system security that the kernel correctly keeps track of the references, so that the sum of the ReferenceCount fields is equal to the number of keys in the hive at all times (with small exceptions for things like transacted and not yet committed operations etc.). If the ReferenceCount of any descriptor drops below the true number of its active references, it may result in a use-after-free condition and memory corruption. Similarly, if the field becomes inadequately large, it may be possible to overflow it and also trigger a use-after-free. A bug of the latter type is described in this report.
4666052c91d73ebc181951a754ead95069fc09d5df87c094776106c9e9edc90eThe Microsoft Windows Kernel has insufficient validation of new registry key names in transacted NtRenameKey.
ba4961014d277f2fb882589dbc8a7ae2231b9cbad4ecebf074ca3f4b40c660ccThe Microsoft Windows Kernel suffers from multiple issues in the prepare/commit phase of a transactional registry key rename.
7c97ca8d9eaa67f309b42a02ec5443fcab57797d0ac534a80dbe853a97cb2939The Microsoft Windows kernel suffers from multiple issues with subkeys of transactionally renamed registry keys.
a73d43acd9edc53a2cab893ea9e5bb5beca43de488582970092616f1af85341cThe Microsoft Windows kernel registry virtualization can be incompatible with transactions, leading to inconsistent hive state and memory corruption issues.
ad3989abfbd2b1064cf77a22452e621958457c972d00e1fb36536a6dcdb01abb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed