CVE-2022-28310

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2023-28310

Microsoft Exchange Server Remote Code Execution Vulnerability...

CVE-2023-28310 Microsoft Exchange Server Remote Code Execution Vulnerability

...

CVE-2023-28310

CVE-2023-28310 is a Microsoft Exchange Server Remote Code Execution vulnerability. The issue allows an authenticated attacker on the same network to trigger code execution on the server, via a PowerShell remoting session, with a CVSS v3.1 base score of 8.0 (High). Microsoft notes that exploitatio...

CVE-2023-28310 Microsoft Exchange Server Remote Code Execution Vulnerability

...

Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 (KB5025903)

Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 KB5025903 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE: CVE-2023-28310 -...

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. A authenticated malicious person with the ability to Powershell scripts can execute the vulnerabilities exploit them to execute arbitrary code with permissions from the application. Microsoft Exchange Server:...

KLA50319 Multiple vulnerabilities in Microsoft Server Software

A remote code execution vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to execute arbitrary code. Original advisories CVE-2023-32031 CVE-2023-28310 Exploitation Public exploits exist for this vulnerability. Malware exists for this...

Security Updates for Microsoft Exchange Server (June 2023)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the Jun, 2023 security bulletin. - Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2023-28310, CVE-2023-32031 Note tha...

CVE-2022-28310

CVE-2022-28310 is a use-after-free remote code execution vulnerability in Bentley MicroStation CONNECT (version 10.16.02.034) involving parsing of SKP files. The flaw stems from not validating the existence of an object before performing operations on it, enabling arbitrary code execution in the ...

CVE-2022-28310

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2021-28310

Win32k Elevation of Privilege Vulnerability...

CVE-2021-28310

creationtimestamp| type| source ---|---|--- 2021-04-13 19:42:23+00:00| exploited| https://t.me/ctinow/31796 2021-04-13 19:42:24+00:00| exploited| https://t.me/ctinow/31797 2021-04-14 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=567 2021-04-14 04:19:35+00:00| exploited|...

CVE-2021-28310

CVE-2021-28310 is a Win32k Elevation of Privilege vulnerability in Microsoft Windows. Project Zero’s 2021 review notes Win32k 0-day activity among in-the-wild exploits, with CVE-2021-28310 listed as one of the Windows 0-days targeted in 2021 (alongside other Win32k issues). The CVE entry is suppo...

CVE-2021-28310 Win32k Elevation of Privilege Vulnerability

...

Patch Tuesday - April 2021

Patch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month with more than half of them affecting all versions of Windows, with about half of them being remote code execution bugs, and about a fifth of them being rated as critical...

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after...

CVE-2021-28310

Win32k Elevation of Privilege Vulnerability Recent assessments: ccondon-r7 at April 13, 2021 8:41pm UTC reported: Ah, another day, another Win32k privilege escalation used in the wild. Securelist has a good write-up on this bug, which they discovered because it was used in a BITTER APT zero-day...

Microsoft Win32k Elevation of Privilege (CVE-2021-28310)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2020-28310

CVE-2020-28310 is rejected/not used and does not represent an active vulnerability entry.