111 matches found
CVE-2017-9769
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. Recent assessments: zeroSteiner at November 21, 2019 11:14pm UTC reported: Analysis The Razer rzpnk.sys driver...
Razer Synapse rzpnk.sys ZwOpenProcess
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/windowskernel' require 'rex' require 'metasm' class MetasploitModule 'Razer Synapse rzpnk.sys ZwOpenProcess', 'Description' = %q A...
Razer Synapse rzpnk.sys ZwOpenProcess
A vulnerability exists in the latest version of Razer Synapse v2.20.15.1104 as of the day of disclosure which can be leveraged locally by a malicious application to elevate its privileges to those of NTAUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver th...
Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation
Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=468 Windows: User Mode Font Driver Thread Permissions EoP Platform: Windows 10 Build 10130 Class: Elevation of Privilege...
Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=468 Windows: User Mode Font Driver Thread Permissions EoP Platform: Windows 10 Build 10130 Class: Elevation of Privilege Summary: The host process for the UMFD runs as a normal user but with a heavily restrictive process...
MS Windows XP/2000/NT 4 NetDDE Privilege Escalation Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/5927/info The Winlogon NetDDE Agent can be leveraged to allow local privilege escalation. This is related to the Microsoft Windows Window Message Subsystem Design Error Vulnerability BID 5408. A local user can use a...
Windows NT 4.0 - Remote Registry Request Dos Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1331/info In special circumstances while handling requests to access the Remote Registry Server, Windows NT 4.0 can crash due to winlogon.exe's inability to process specially malformed remote registry requests. Rebooting...
Microsoft Windows AutoRuns Winlogon
Binary data windowsautorunswinlogon.nbin...
Windows Capture Winlogon Lockout Credential Keylogger
This module migrates and logs Microsoft Windows user's passwords via Winlogon.exe using idle time and natural system changes to give a false sense of security to the user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
By injecting the Winlogon process intercepts the system password-vulnerability warning-the black bar safety net
Komaki original article, reproduced please indicate the source. Thank you. http://blog.hack.la QQ: 4 2 8 9 0 3 0 A. Winlogon. exe is a prerequisite for the user login process, and. We will now be through DLL injection, to achieve the intercepted system login user name and password and other...
About the winlogon process stored in the current user's password problems-vulnerability warning-the black bar safety net
Look at this post before, I was wondering, why I used findpass of the time, sometimes you can find an administrator password, sometimes not? See this post later, slightly understand the point to ------------------------------ The following is from the focus of the post: Q: everyone knows you can...
Microsoft Windows用户配置文件权限提升漏洞(MS06-051)
Microsoft Windows是微软发布的非常流行的操作系统。 Windows的Winlogon在处理用户配置文件时存在漏洞,本地攻击者可能利用此漏洞提升自己在系统中的权限。 在Windows 2000上,Winlogon允许使用无效的路径。如果禁用了SafeDllSearchMode的话,并将特制的DLL置于UserProfile目录中,WinLogon就可能执行DLL代码,从而导致用户的权限提升。 Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft Windows Server 2003 SP1 Microsof...
Ginwui back door program analysis-vulnerability warning-the black bar safety net
This year 5 month 1 9 day CVE release number for the CVE-2 0 0 6-2 4 9 2 security bulletins, Microsoft Word processing DOC file there is a buffer overflow vulnerability, and Microsoft Word to run the special structure of the doc file, resulting in arbitrary code execution. A remote attacker could...
Multiple Windows kernel security vulnerabilities
Buffer overflow vulnerability allows privilege escalation, WinLogon user profile DLL privilege escalation, unhandled exception code execution vulnerability...
Microsoft Windows Kernel vulnerable to privilege escalation
Overview Microsoft Windows contains a privilege escalation vulnerability that could allow an authenticated, local attacker to gain complete control of the affected system. Description Winlogon is the component of Microsoft Windows responsible for interactive, security related functions. Upon logo...
CVE-2006-3443
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."...
CVE-2006-3443
CVE-2006-3443 affects Windows 2000 SP4 with Winlogon vulnerable to a User Profile Elevation of Privilege when SafeDllSearchMode is disabled. A local attacker can place a malicious DLL in the UserProfile directory to execute code with SYSTEM-level privileges after logon, as described in Microsoft ...
CVE-2006-3443
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."...
How to in Windows 2 0 0 3 to give the login password-vulnerability warning-the black bar safety net
In all NT systems, there are several ways you can get the login user's password. I know of three methods can achieve the purpose. 1. hook the winlogon in the several function, the Internet also has this type ofprogram, called winlogonhijack items in the rootkit. com has to offer, but that project...
Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the...