Microsoft Windows suffers from a DSSVC DSOpenSharedFile arbitrary file open privilege escalation vulnerability.
c5eccc0de65840657f3b064e8a499aec555038d027732cbd80257ce57a555d65Microsoft Windows suffers from an SSPI network authentication session 0 privilege escalation vulnerability.
d2023662dbf632128ec23c46add0fefaf4689155e6f37d5e051c9bbfa54f5809Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service does not has a TOCTOU in PolicyChecker::CheckFilePermission resulting in an arbitrary file deletion.
f54dc03a0548a0bf309514e8238a7332722ced26331dd750eae0f876a0ed3877McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories.
151bdbc1027a4dd096823f04bd5ea0feb97a274be2ebc6612084d92dc662776eMicrosoft Windows 10 1803 and 1809 have an issue with unnamed kernel object creation. It's possible to default the security descriptor owner or mandatory label to the value from an Identification level impersonation token leading to elevation of privilege.
fb9584f4d9fbcd0538fdc2a5adb39ca01034b95d7ea2db9584cbde35e0f112aeMicrosoft Windows 10 1803 suffers from a DfMarshal unsafe unmarshaling elevation of privilege vulnerability.
f3d8b80ceebd239ef1a439cec5530651178de5ea0d7a4a0abe71c74e48185b64On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.
be5f41f514a5827a0f821f666b99bf1814733a5f65b5368d166452c4a0dca392Microsoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.
db58dd019b911586330159149eda8b2dc64f11da97ac17f50b0f84104e699eccMicrosoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.
eb52dc13fee602e4f4367c0eb42d933defb5c0336c73d90ce5236346a9ec00baThe handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.
7b7af078798b5964467bf7757383127c12dad481c4522e1f5ea6e8b1a37d710aThe activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of arbitrary object directories leading to privilege escalation.
d0530f0109ea354da30e58c9f1b6f66e77d9f78611b21d45ab804256c40bfa35Microsoft Windows 10 version 1709 suffers from a child process restriction mitigation bypass vulnerability.
ba83b5baaedbe359d5e750eb4142eb1c4477928a4f8204e5566cbee1779eb0c2Microsoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.
2033addbbe5ebd84569983aa729d944003476f409e9a96a8424ceefbfbc9b13fThe enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
6472ee6172948afddeda0672cf9b60975d9a244ee152920a06d2b4c956e58bbfThe fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumventing Device Guard policies.
8bf899b59331805e3565783c1df52349bae6d10f5374cb34ff520b4495773303Microsoft Windows suffers from a Desktop Bridge Virtual Registry NtLoadKey arbitrary file read / write privilege escalation vulnerability.
8f2f9e0389c7548dbde759deeba68e5cd3a12fc66f9fb82eef907f69b1ca9eb7Microsoft Windows suffers from a Desktop Bridge Virtual Registry arbitrary file read / write privilege escalation vulnerability.
e524422547b177b8b51dff37c1fe898479cd8d33e5a29bcaa8940ba138b96b32The handling of the VFS for desktop bridge applications can allow an application to create virtual files in system folder which can result in elevation of privilege.
a19e1b19f8aafc317248316e6dedc0294e0aa633edb99ce6a44a6cd7d11f45c5Windows suffers from a Constrained Impersonation Capability privilege escalation vulnerability.
ed784628f28f7517017e042c1ef0ae076e0055b7540f2b38df01d9eb8b3f0cf9Windows StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file security descriptor overwrite vulnerability that allows for privilege escalation.
76ff500de37c611d2bfcf33767cff37b09da85a8307edfdee626783a4fb7a6dfWindows suffers from NPFS Symlink security feature bypass and privilege escalation vulnerabilities.
241a41e7b4c34606c5b8c38997e3a9919b21068375867365bd1daf381cc4f5dcWindows suffer from Global Reparse Point security feature bypass and privilege escalation vulnerabilities.
817479ced9c55750d45cb5a0bd0abe3a085b6eb1f5c6e5bafd694e7961cbeb11StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file creation vulnerability that allows for privilege escalation.
da3cf612ba7cedad78f1b652e836abe760eadee6b6d179778393eb87b95624a5On Microsoft Windows, the SMB server drivers (srv.sys and srv2.sys) do not check the destination of a NTFS mount point when manually handling a reparse operation leading to being able to locally open an arbitrary device via an SMB client which can result in privilege escalation.
18c5e8b69488f509de251342dd3e47d18e57b85a83a80396d794f1f67e9b08c0On Microsoft Windows, when impersonating the anonymous token in an LPAC the WIN://NOAPPALLPKG security attribute is ignored leading to impersonating a non-LPAC token leading to privilege escalation.
ea9947419e769dd9e18edeb304390de5704daee25ebd8b4d342bdc9bfc87ebea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed