16 matches found
EUVD-2021-22906
Malware in sbrugna...
AMD uProf Vulnerability
CVE Details Refer to Glossary for explanation of terms CVE| CVSS Severity| CVE Description ---|---|--- CVE-2024-36340| 6.6 MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N| A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points,...
Guest OS File Restore Fails on Self-Referencing Junction Points
Challenge Using Guest OS File Restore to restore a folder containing a junction point that redirects back to the initial folder fails with the error: Win32 error:The name of the file cannot be resolved by the system. Code: 1921 For example, attempting to restore a user's AppData folder the restor...
Dell SupportAssist < 3.10 Multiple Vulnerabilities (DSA-2021-163)
According to its self-reported version number, the version of Dell SupportAssist Client Consumer is prior to 3.10. It is, therefore, affected by multiple vulnerabilities. - An arbitrary file deletion vulnerability exists due to how Dell SupportAssist handles symbolic links and NTFS junction point...
CVE-2021-36286
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by anynon-privileged user under some object...
Arbitrary file deletion
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by anynon-privileged user under some object...
PT-2021-21204 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 Description: The issue concerns an arbitrary file deletion vulnerability that can be exploited using the Windows feature of NTFS called Symbolic links...
CVE-2020-16940
An elevation of privilege vulnerability exists when the Windows User Profile Service ProfSvc improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows User Profile Service ProfSvc improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first...
Windows - User Profile Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows User Profile Service ProfSvc improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first...
PT-2020-4375 · Microsoft · Windows User Profile Service +1
Name of the Vulnerable Software and Affected Versions: Windows User Profile Service ProfSvc affected versions not specified Description: The issue is related to the improper handling of junction points by the Windows User Profile Service ProfSvc, which can allow an attacker to elevate their...
Microsoft Windows (x84/x64) - Error Reporting Discretionary Access Control List / Local Privilege
Exploit for windows platform in category local exploits Microsoft Windows x84/x64 - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation EDIT: Apparently this was patched earlier this month.. so whatever. Windows Error Reporting Arbitrary DACL write It can take upwards...
Adobe Reader Arbitrary File Deletion Sandbox Escape Vulnerability
This vulnerability allows local attackers to delete arbitrary files on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Internet Explorer Filesystem Elevation of Privilege Vulnerability
This vulnerability allows attackers to escalate privileges on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
Adobe Reader AdobeARM Denial of Service Vulnerability
This vulnerability allows local attackers to delete files on vulnerable installations of Adobe Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of junction points in AdobeARM.exe. A local attacker running code as a normal user can...
NTFSLinksView - View NTFS symbolic links and junction points
Starting from Windows Vista, Microsoft uses symbolic links and junction points of NTFS file system in order to make changes in the folders structure of Windows and keep the compatibility of applications written for older versions of Windows. This utility simply shows you a list of all symbolic...