Lucene search
K

153 matches found

CVE
CVE
added 2019/01/08 9:0 p.m.177 views

CVE-2019-0555

The CVE-2019-0555 entry corresponds to an elevation of privilege in Microsoft XmlDocument that can escape AppContainer sandbox via cross-boundary remoting. Connected analysis explains an IDispatch/type library abuse path: malicious clients query for the old IXMLDOMDocument interface, then marshal...

7.8CVSS7.5AI score0.0243EPSS
Exploits2References3Affected Software6
Talos Blog
Talos Blog
added 2019/01/08 11:40 a.m.305 views

Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also...

10CVSS0.9AI score0.82902EPSS
Exploits39
Microsoft CVE
Microsoft CVE
added 2019/01/08 8:0 a.m.48 views

Microsoft XmlDocument Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer...

9.3CVSS3AI score0.0243EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2019/01/08 12:0 a.m.94 views

KB4480973: Windows 10 Version 1703 January 2019 Security Update

The remote Windows host is missing security update 4480973. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...

9.3CVSS8AI score0.82902EPSS
Exploits36References31
BDU FSTEC
BDU FSTEC
added 2018/10/19 12:0 a.m.6 views

Microsoft Edge’s vulnerability, related to access control deficiencies, allows attackers to elevate their privileges and escape from the isolated software environment.

The vulnerability of Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges and escape from the isolated software environment of AppContainer...

5CVSS7.8AI score0.15417EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2018/10/19 12:0 a.m.9 views

Microsoft Edge’s vulnerability, related to access control deficiencies, allows attackers to elevate their privileges and escape from the isolated software environment.

The vulnerability of Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges and escape from the isolated software environment of AppContainer...

5CVSS7.8AI score0.15417EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2018/09/18 12:0 a.m.60 views

Microsoft Windows Multiple Vulnerabilities (KB4457142)

This host is missing a critical security update according to Microsoft KB4457142 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.9AI score0.69019EPSS
Exploits16References3
NVD
NVD
added 2018/09/13 12:29 a.m.16 views

CVE-2018-8463

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469...

7.4CVSS7.5AI score0.15417EPSS
Exploits1References4
NVD
NVD
added 2018/09/13 12:29 a.m.18 views

CVE-2018-8469

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463...

7.4CVSS7.5AI score0.15417EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2018/09/13 12:29 a.m.1 views

CVE-2018-8469

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463...

7.4CVSS5.6AI score0.15417EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2018/09/13 12:29 a.m.1 views

CVE-2018-8463

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469...

7.4CVSS5.6AI score0.15417EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.28 views

Microsoft Edge Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The...

7.4CVSS3.4AI score0.15417EPSS
Exploits1
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.98 views

Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of...

7.2CVSS6.5AI score0.03553EPSS
Exploits4
0day.today
0day.today
added 2018/06/20 12:0 a.m.101 views

Windows 10 - #Windows10 Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

Exploit for windows platform in category dos / poc Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as...

6.9CVSS7.9AI score0.03553EPSS
Exploits5
exploitpack
exploitpack
added 2018/06/20 12:0 a.m.62 views

Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge application...

7.2CVSS0.3AI score0.03553EPSS
Exploits4
exploitpack
exploitpack
added 2018/06/13 12:0 a.m.29 views

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.64 views

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass

Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the anonymous token leading to a security feature bypass...

7AI score
Exploits0
seebug.org
seebug.org
added 2018/02/24 12:0 a.m.102 views

Windows: Constrained Impersonation Capability EoP(CVE-2018-0821)

Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 not tested earlier versions Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability added in Windows 10 to impersonate a lowbox SYSTEM token leading to EoP. Description:...

7.6AI score0.02344EPSS
Exploits3
NVD
NVD
added 2018/02/15 2:29 a.m.22 views

CVE-2018-0821

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability"...

7CVSS6.9AI score0.02344EPSS
Exploits3References4
OSV
OSV
added 2018/02/15 2:29 a.m.3 views

CVE-2018-0821

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability"...

7CVSS5.8AI score0.02344EPSS
Exploits3References4
Rows per page
Query Builder