11 matches found
CVE-2026-57851
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
CVE-2026-57851
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
CVE-2026-57851 MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
EUVD-2026-42053
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
CVE-2023-52271
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any Protected Process Light process via an IOCTL which will be named at a later time...
CVE-2023-52271
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any Protected Process Light process via an IOCTL which will be named at a later time...
SUSE CVE-2015-0001
The Windows Error Reporting WER component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging...
PPLdump - Dump The Memory Of A PPL With A Userland Exploit
This tool implements a userland exploit that was initially discussed by James Forshaw a.k.a. @tiraniddo - in this blog post - for dumping the memory of any PPL as an administrator. I wrote two blog posts about this tool. The first part is about Protected Processes concepts while the second one...
Injecting Code into Windows Protected Processes using COM - Part 1
Posted by James Forshaw, Google Project Zero At Recon Montreal 2018 I presented “Unknown Known DLLs and other Code Integrity Trust Violations” with Alex Ionescu. We described the implementation of Microsoft Windows’ Code Integrity mechanisms and how Microsoft implemented Protected Processes PP. A...
Microsoft Windows Error Reporting Security Mechanism Bypass Vulnerability
Microsoft Windows is a family of operating systems from Microsoft. A security bypass vulnerability exists in Microsoft Windows Error Reporting WER that could allow an administrative user to view the contents of process memory protected by "Protected Process Light.", resulting in the disclosure of...
CVE-2015-0001
The Windows Error Reporting WER component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging...