Microsoft Windows suffers from a DSSVC DSOpenSharedFile arbitrary file open privilege escalation vulnerability.
c5eccc0de65840657f3b064e8a499aec555038d027732cbd80257ce57a555d65
Microsoft Windows suffers from an SSPI network authentication session 0 privilege escalation vulnerability.
d2023662dbf632128ec23c46add0fefaf4689155e6f37d5e051c9bbfa54f5809
Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service has a TOCTOU in PolicyChecker::CheckFilePermission resulting in an arbitrary file deletion.
f54dc03a0548a0bf309514e8238a7332722ced26331dd750eae0f876a0ed3877
McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories.
151bdbc1027a4dd096823f04bd5ea0feb97a274be2ebc6612084d92dc662776e
Microsoft Windows 10 1803 and 1809 have an issue with unnamed kernel object creation. It's possible to default the security descriptor owner or mandatory label to the value from an Identification level impersonation token leading to elevation of privilege.
fb9584f4d9fbcd0538fdc2a5adb39ca01034b95d7ea2db9584cbde35e0f112ae
Microsoft Windows 10 1803 suffers from a DfMarshal unsafe unmarshaling elevation of privilege vulnerability.
f3d8b80ceebd239ef1a439cec5530651178de5ea0d7a4a0abe71c74e48185b64
On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permission to list a directory, leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.
be5f41f514a5827a0f821f666b99bf1814733a5f65b5368d166452c4a0dca392
Microsoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.
db58dd019b911586330159149eda8b2dc64f11da97ac17f50b0f84104e699ecc
Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.
eb52dc13fee602e4f4367c0eb42d933defb5c0336c73d90ce5236346a9ec00ba
The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.
7b7af078798b5964467bf7757383127c12dad481c4522e1f5ea6e8b1a37d710a
The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account, which allows creation of arbitrary object directories and leads to privilege escalation.
d0530f0109ea354da30e58c9f1b6f66e77d9f78611b21d45ab804256c40bfa35
Microsoft Windows 10 version 1709 suffers from a child process restriction mitigation bypass vulnerability.
ba83b5baaedbe359d5e750eb4142eb1c4477928a4f8204e5566cbee1779eb0c2
Microsoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.
2033addbbe5ebd84569983aa729d944003476f409e9a96a8424ceefbfbc9b13f
The enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
6472ee6172948afddeda0672cf9b60975d9a244ee152920a06d2b4c956e58bbf
The fix for CVE-2017-11830 is insufficient to prevent a normal user application from adding a cached signing level to an unsigned file by exploiting a TOCTOU in CI, which circumvents Device Guard policies.
8bf899b59331805e3565783c1df52349bae6d10f5374cb34ff520b4495773303
Microsoft Windows suffers from a Desktop Bridge Virtual Registry NtLoadKey arbitrary file read / write privilege escalation vulnerability.
8f2f9e0389c7548dbde759deeba68e5cd3a12fc66f9fb82eef907f69b1ca9eb7
Microsoft Windows suffers from a Desktop Bridge Virtual Registry arbitrary file read / write privilege escalation vulnerability.
e524422547b177b8b51dff37c1fe898479cd8d33e5a29bcaa8940ba138b96b32
The handling of the VFS for desktop bridge applications can allow an application to create virtual files in a system folder, which can result in elevation of privilege.
a19e1b19f8aafc317248316e6dedc0294e0aa633edb99ce6a44a6cd7d11f45c5
Windows suffers from a Constrained Impersonation Capability privilege escalation vulnerability.
ed784628f28f7517017e042c1ef0ae076e0055b7540f2b38df01d9eb8b3f0cf9
Windows StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file security descriptor overwrite vulnerability that allows for privilege escalation.
76ff500de37c611d2bfcf33767cff37b09da85a8307edfdee626783a4fb7a6df
Windows suffers from NPFS Symlink security feature bypass and privilege escalation vulnerabilities.
241a41e7b4c34606c5b8c38997e3a9919b21068375867365bd1daf381cc4f5dc
Windows suffers from Global Reparse Point security feature bypass and privilege escalation vulnerabilities.
817479ced9c55750d45cb5a0bd0abe3a085b6eb1f5c6e5bafd694e7961cbeb11
StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file creation vulnerability that allows for privilege escalation.
da3cf612ba7cedad78f1b652e836abe760eadee6b6d179778393eb87b95624a5
On Microsoft Windows, the SMB server drivers (srv.sys and srv2.sys) do not check the destination of an NTFS mount point when manually handling a reparse operation. This makes it possible to locally open an arbitrary device via an SMB client, which can result in privilege escalation.
18c5e8b69488f509de251342dd3e47d18e57b85a83a80396d794f1f67e9b08c0
On Microsoft Windows, when impersonating the anonymous token in an LPAC, the WIN://NOAPPALLPKG security attribute is ignored. This results in impersonating a non-LPAC token, leading to privilege escalation.
ea9947419e769dd9e18edeb304390de5704daee25ebd8b4d342bdc9bfc87ebea