621 matches found
CVE-2016-7221
Input Method Editor IME in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...
CVE-2016-7221
Input Method Editor IME in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...
CVE-2016-7221
CVE-2016-7221 is a Windows IME DLL-loading privilege-escalation issue. The IME loads DLLs via a registry-controlled mechanism and can be exploited by a locally authenticated user to gain higher privileges when an application initiates the IME. Public writeups (e.g., JVN/JVND) describe the exploit...
Microsoft Windows IME Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Windows when the Windows Input Method Editor IME incorrectly handles DLL loading. If the IME is not present, there is no impact. A local, authenticated...
Windows IME Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows when Windows Input Method Editor IME improperly handles DLL loading. There is no impact without IME present. To exploit this vulnerability, a locally authenticated attacker could run a specially crafted application. The security...
The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT...
Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
Overview The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
JVN#03251132: Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the latest installer...
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation MS16-125 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=887 Windows: Diagnostics Hub DLL Load EoP Platform: Windows 10 10586, not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The fix...
Fortinet FortiClient DLL Loading Remote Code Execution Vulnerability
Fortinet FortiClient is a Fortinet endpoint security solution that provides end users with anti-virus, encryption and other services. A remote code execution vulnerability exists in Fortinet FortiClient. A remote attacker can exploit the vulnerability to execute arbitrary code in the context of t...
NMAP DLL Load Local Command Execution Vulnerability
NMAP is a network security tool for Network Discovery Network Discovery and Security Auditing Security Auditing, which is free software. A local command execution vulnerability exists in NMAP DLL loading, which could be exploited by an attacker to execute arbitrary script code within the context ...
Dropbox: Subtile Code Injection Vulnerability in Dropbox for Windows
A mistake in our compilation meant that one of our Qt libraries was unintentionally loading a openssl.cnf from another user on Windows. The config file allowed the other user to specify a DLL to load, which meant that a user with this specific username could escalate privileges and execute code a...
Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
Overview PhishWall Client Internet Explorer Version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer Version contains an issue with the DLL search path, which may lead to insecurely loading dynamic linking...
Enpass DLL Load Local Code Execution Vulnerability
Enpass is a complete password management solution. A local code execution vulnerability exists in Enpass DLL loading. This allows a local attacker to exploit the vulnerability to execute arbitrary code within the context of the affected application...
CURL-CVE-2016-4802 Windows DLL hijacking
libcurl would load Windows system DLLs in a manner that may make it vulnerable to a DLL hijacking aka binary planting attack in certain configurations. libcurl has a unified code base that builds and runs on a multitude of different versions of Windows. To make that possible, when libcurl is buil...
KLA10817 Privilege escalation in cURL
An improper DLL loading was found in cURL. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited via a DLL hijack. Technical details This vulnertability related to load of security.dll, secur32.dll and ws232.dll Original advisories Original...
CVE-2016-0152
Internet Information Services IIS in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."...
Remote code execution
Internet Information Services IIS in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."...
CVE-2016-0152
CVE-2016-0152 is the Windows DLL Loading Remote Code Execution vulnerability affecting Internet Information Services (IIS) on Windows Vista SP2 and Windows Server 2008 SP2. It arises from improper handling of DLL loading, enabling local attackers to gain privileges by executing a crafted applicat...
CVE-2016-0152
Internet Information Services IIS in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."...