Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service(CVE-2016-3369)

Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...

Microsoft Windows AHCACHE.SYS Denial of Service (MS16-110: CVE-2016-3369)

A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an...

Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service

Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...

Microsoft Windows NtApphelpCacheControl Improper Authorization Check Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' class Metasploit3 'Microsoft Windows...

Privilege escalation

The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with ...

CVE-2015-0002

The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with ...

CVE-2015-0002

CVE-2015-0002 (AppCompat Cache Elevation of Privilege) affects Windows via AhcVerifyAdminContext in ahcache.sys, introduced with Windows 8/8.1 era. The root cause is improper validation of the caller’s impersonation token: the code retrieves the token and checks for LocalSystem or Administrators,...

Windows-8.1-ahcache.sys

On Windows 8.1 update the system call NtApphelpCacheControl the code is actually in ahcache.sys allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to...

MS15-001 Microsoft Windows NtApphelpCacheControl Improper Authorization Check

On Windows, the system call NtApphelpCacheControl the code is actually in ahcache.sys allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to...

Microsoft Windows 8.1 (x86x64) - ahcache.sys NtApphelpCacheControl Privilege Escalation

Microsoft Windows 8.1 x86x64 - ahcache.sys NtApphelpCacheControl Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=118c1 Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35661-poc.zip Platform:...