153 matches found
CVE-2019-0555
The CVE-2019-0555 entry corresponds to an elevation of privilege in Microsoft XmlDocument that can escape AppContainer sandbox via cross-boundary remoting. Connected analysis explains an IDispatch/type library abuse path: malicious clients query for the old IXMLDOMDocument interface, then marshal...
Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also...
Microsoft XmlDocument Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer...
KB4480973: Windows 10 Version 1703 January 2019 Security Update
The remote Windows host is missing security update 4480973. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...
Microsoft Edge’s vulnerability, related to access control deficiencies, allows attackers to elevate their privileges and escape from the isolated software environment.
The vulnerability of Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges and escape from the isolated software environment of AppContainer...
Microsoft Edge’s vulnerability, related to access control deficiencies, allows attackers to elevate their privileges and escape from the isolated software environment.
The vulnerability of Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges and escape from the isolated software environment of AppContainer...
Microsoft Windows Multiple Vulnerabilities (KB4457142)
This host is missing a critical security update according to Microsoft KB4457142 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-8463
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469...
CVE-2018-8469
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463...
CVE-2018-8469
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463...
CVE-2018-8463
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469...
Microsoft Edge Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of...
Windows 10 - #Windows10 Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Exploit for windows platform in category dos / poc Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge application...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the anonymous token leading to a security feature bypass...
Windows: Constrained Impersonation Capability EoP(CVE-2018-0821)
Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 not tested earlier versions Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability added in Windows 10 to impersonate a lowbox SYSTEM token leading to EoP. Description:...
CVE-2018-0821
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability"...
CVE-2018-0821
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability"...