EUVD-2004-2075
Malware in sbrugna...
CVE-2002-1984
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service crash via an OBJECT tag that contains a crafted CLASSID CLSID value of "CLSID:00022613-0000-0000-C000-000000000046"...
GodPotato - Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege"...
Bluffy - Convert Shellcode Into Different Formats!
Bluffy is a utility which was used in experiments to bypass Anti-Virus products statically by formatting shellcode into realistic looking data formats. Proof-of-concept tools, such as 0xBoku's NinjaUUIDRunner and ChoiSG's UuidShellcodeExec, inspired the initial concept for Bluffy. So far, we...
KB4561600: Security update for Adobe Flash Player (June 2020)
The remote Windows host is missing security update KB4561600. It is, therefore, affected by a use-after-free vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code within the context of the user. © Tenable Network Security, In...
Juicy Potato - A Sugared Version Of RottenPotatoNG, With A Bit Of Juice, I.E. Another Local Privilege Escalation Tool, From A Windows Service Accounts To NT AUTHORITY\SYSTEM
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from Windows Service Accounts to NT AUTHORITY\SYSTEM. Summary: RottenPotatoNG and its variants leverage the privilege escalation chain based on the BITS service having the MiTM listener on...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML. Windows: IE11 VBScript execution policy bypass in MSHTML. Platform: Windows 10 1809 (not tested earlier). Class: Security Feature Bypass. Summary: MSHTML only checks for the CLSID associated with VBScript when...
TAU Threat Intelligence Notification: PPID Spoofing – Explorer CLSID
Summary: Popular Attack Surface Reduction bypasses allow adversaries to hinder threat hunting activities by spoofing the Parent Process ID. PPID-to-PID relationships have always been a key indicator of compromise, and removing these conditions leads to a false sense of security. Upon investigation it's bee...
Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC Juicy', 'Description' = %q This module utilizes the...
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for th...
Analyzing an exploit for CVE-2017-11826
The latest Patch Tuesday, 17 October, brought patches for 62 vulnerabilities, including one that fixed CVE-2017-11826, a critical zero-day vulnerability used to launch targeted attacks, in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX...
Microsoft Windows 10 - WLDPMSHTML CLSID UMCI Bypass
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass. Platform: Windows 10 S (though it should be anything with UMCI). Class: Security Feature Bypass. Summary: The enlightened lockdown policy che...
Oolong CVE-2017-8570 samples and behind the idea-vulnerability warning-the black bar safety net
The so-called CVE-2017-8570 sample: Last week, 360 Skyeye Lab found that foreign hackers had released CVE-2017-8570 exploit code on Github, which was then deleted. In searching for it, we found quite a few Office malware samples labeled as CVE-2017-8570, such as the following one, which VirusTotal marks as a CVE-2017-8570 sample...
UCanCode - Multiple Vulnerabilities
Exploit for windows platform in category dos / poc. UCanCode multiple vulnerabilities. Url: http://www.hmi-software.com/ http://www.ucancode.net/index.htm http://www.ucancode.net/bbs/zhuce/login.htm Description: From vendor's web page: "UCanCode Software is a Market Leading provider of HMI & SCADA,...
CVE-2014-6352 vulnerability and targeted attack sample analysis - vulnerability warning - the black bar safety net
Preface: Recently, 360 Skyeye Lab captured a sample of a targeted attack aimed at India. The sample takes advantage of CVE-2014-6352, a bypass of the Sandworm vulnerability patch; after analysis and confirmation, we think this is Trend Micro in...
Remotely exploiting a Microsoft Office DLL hijacking vulnerability through a browser (MS15-132) - vulnerability warning - the black bar safety net
A few weeks ago, security researcher Parvez Anwar posted a lot of Microsoft Office DLL hijacking vulnerabilities on his personal Twitter account [1]. A few weeks later, Microsoft released the MS15-132 patch, which fixed a related vulnerability while also addressing the issue Google Security Research [2] in a...
Microsoft Office - COM Object DLL Planting with WMALFXGFXDSP.dll (MS16-007)
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The attached POC docume...
Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting (MS16-007)
Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting MS16-007 Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The...
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll MS15-132 Source: https://code.google.com/p/google-security-research/issues/detail?id=556 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially...
Microsoft Internet Explorer ISettingsBroker Sandbox Bypass Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage o...