This advisory ties together older research on a contact file handling flaw on Microsoft Windows as well as recent research discovered that uses the same methodologies.
bd483c57b86b3adc56157efdf3dd779e6e9b6a498c944d78ee46fe9d56a01c00When Microsoft released UTF-8 support for the -A interfaces of the Windows API, it appears to have introduced buffer overrun conditions.
fd54b53140cb0a9c16fc5520fcb15b03b3915d1e37bb7f97c426270dfbc79e9bThe Microsoft Windows kernel registry virtualization can be incompatible with transactions, leading to inconsistent hive state and memory corruption issues.
ad3989abfbd2b1064cf77a22452e621958457c972d00e1fb36536a6dcdb01abbThe Microsoft Windows kernel allows deletion of keys in virtualizable hives with KEY_READ and KEY_SET_VALUE access rights.
11325236787bd3fc6dfacb61396e8f2e5b81355ef8a0da87112e34d1821a1ad8The Microsoft Windows kernel registry has a SID table poisoning problem that leads to bad locking and other issues.
c61efe9fac6bb66fd179b7a7a24132f82e660151050984d2cf1aae1c81d256aeThe Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.
c3387e7bd189cc7e8d8449ad27e2b524a0fc939d2cc467c5961cc148cdbb9019The Microsoft Windows kernel suffers from a use-after-free vulnerability due to a dangling registry link node under paged pool memory pressure.
54ec3add551cac7b508b2e8157d5a658c016115390f2b327d14cac78af270263Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867dRed Hat Security Advisory 2022-9096-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include bypass and denial of service vulnerabilities.
373043494f5cbb3f8008959a5209879cea681b15be2c38e210b4ba4e9687c4a9Razer Synapse version 3.7.0731.072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability.
b44857059280bd0c0f9219f18143442834c6560bf766c7639b847e7be7cb3329Red Hat Security Advisory 2023-0354-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a deserialization vulnerability.
bd7fde7e9fb387f3f5463e02c82d5237191b01e8597247e1b9e60d2c58ef2761Red Hat Security Advisory 2023-0352-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.
cc5b3bb296ff18be41ec3ed8eba4d11cbc56a43d183fbc99cebb44507ea8a1b7Red Hat Security Advisory 2023-0353-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.
16ca17574ea75dd4d41f107b809c981645c420bde5d5acbc6d88ccdb935a2980Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
6c51e15bcc0afb93734e686dbff354ffd159f570bd2904bcbbad6f3feb7e9511MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
af909e2c3b777831be989f9eaf0d395a85af9d54b4a69e906bbc7e2aabbd134dThe Windows Kernel suffers from a use-after-free vulnerability due to bad handling of predefined keys in NtNotifyChangeMultipleKeys.
e31318a053707141296573a167ad796cc33514ff394bc3820404fedfd9233256SOUND4 Server Service version 4.1.102 suffers from an unquoted search path issue impacting the service SOUND4 Server for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
0d1f43d038e2cabb1630fddce016ccf758ccc883097f7d7cdbcec19bc4cf8178Backdoor.Win32.InCommander.17.b malware suffers from a hardcoded credential vulnerability.
099c10722a16f8ff775b1d257478160f16555c845382490673f316cc2a4f04e4Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) malware suffers from an insecure proprietary password encryption vulnerability.
327cdad4f54bb339def30383a6e9ad6ba1713e20fa30cdbaf1573da6857d4dfeWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
f35915699f2f9b28ddb211202d40ec8984e5834d3c911483144a4984ba44411dThe HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.
73ffca14ecbbd49fef40fa8d7691f553f1cd6ed289aaa1f61656fcd866416f5aDrupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on windows.
29cd61d23f4b78dbb93cdc479cba570c70b094e72db31910170d0c3eb73d58f8Backdoor.Win32.Delf.gj malware suffers from an information leakage vulnerability.
622118d5760b64ae86f8de28e2d430c1c15ec650e7c1db8f5920f134dd887c5eBackdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.
d7a1dbe69c51797b7a119cf51d50bfdc0cf2f5d6383559a3c42e0b551d24f2ffWin32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.
d9c0e9406b722512df44cebb17c86eb5064420bbea72fa35eda62ac98a591282
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed