There exists a privilege escalation vulnerability for Windows 10 builds prior to build 17763. Due to the AppXSvc's improper handling of hard links, a user can gain full privileges over a SYSTEM-owned file. The user can then utilize the new file to execute code as SYSTEM. This Metasploit module employs a technique using the Diagnostics Hub Standard Collector Service (DiagHub) which was discovered by James Forshaw to load and execute a DLL as SYSTEM.
c94395650cca2e92c0d550946f0e7a22Microsoft Windows suffers from an HTTP to SMB NTLM reflection that leads to a privilege escalation.
62e80bf3709f00ac9657fb8dd16d9822Microsoft Windows Remote Desktop BlueKeep denial of service exploit.
03ea74e7a141e90ebbfc356da5c86bfdThere's a task in Windows Task Scheduler called "SilentCleanup" which, while it's executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%\system32\cleanmgr.exe. Since it runs as Users, and we can control user's environment variables, %windir% (normally pointing to C:\Windows) can be changed to point to whatever we want, and it'll run as admin.
7ee69d4252d5b92089120a04d1eb7fd0191 bytes small Windows/x86 start iexplore.exe shellcode.
69ef1b6a666d78243c14b5a2319c40bd210 bytes small Windows/x86 bitsadmin download and execute shellcode.
c976a6bf095c6cf15e9f503c7292abd1The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in elevation of privilege.
44c606ddd4aece1d53887c9140628a82Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.
d2b73dca2b8642efcc867ea985e64304PC-Doctor Toolbox versions prior to 7.3 suffer from a dll hijacking vulnerability.
92d52515d0b9f62a650fa782a9806e23Red Hat Security Advisory 2019-1527-01 - The Windows Azure Linux Agent supports provisioning and running Linux virtual machines in the Microsoft Windows Azure cloud. A weak permissions issue was addressed.
1198e4999d63ce49032f564dbb35579eThe HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10.
d00190d41a9f1c0ea2c4f92ee9779c0dThis script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.
76887c2ea927367c717be6c7a61a4c47Microsoft Windows AppX Deployment Service local privilege escalation exploit that bypasses CVE-2019-0841.
43733e1bfd2813c8c8435759734658e7Rapid7 Windows InsightIDR Agent version 2.6.3.14 suffers from a local privilege escalation vulnerability.
470bd080c87816cd1d562eb0cea793d5Microsoft Windows Remote Desktop BlueKeep denial of service exploit.
56be6b6cf5606655ac5598c5c46779e1Apple Security Advisory 2019-5-28-1 - iTunes for Windows 12.9.5 is now available and addresses code execution vulnerabilities.
8c1f1ce22a0b31d4c2bcadcfc8c1c825Apple Security Advisory 2019-5-28-2 - iCloud for Windows 7.12 is now available and addresses code execution vulnerabilities.
74d63f98e99677f37543232c3d2f1639Microsoft Windows suffers from a deployment service local privilege escalation vulnerability that bypasses the fix for CVE-2019-0841.
e4ec8b1e55e88e54ab69d43fb7183685Microsoft Internet Explorer Windows 10 1809 17763.316 scripting engine memory corruption exploit.
c9397c14195bc3f85cf0bc8c751e4a75Microsoft Windows installer suffers from a race condition that can allow for privilege escalation.
9a503f8035f1c995cef77978e81633e9Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
e344675283d6329a4bc213b621d7f46aProof of concept exploit for an elevation of privilege vulnerability that exists in Windows when the Win32k component fails to properly handle objects in memory.
91e99823c59717f23a26ea09901bf4fbAngry Polar Bear 2 is a Microsoft Windows error reporting privilege escalation exploit.
e2a7c2229624d5b912617778c52d6a08Microsoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.
52b9f1fd108ce77586d458c8e25878fbThe Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.
b9ac41d7a345cbb537b2a935197cf91b
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed