216 matches found
EUVD-2020-12251
Malware in sbrugna...
EUVD-2020-8893
Malware in sbrugna...
EUVD-2020-2178
Malware in sbrugna...
EUVD-2018-13759
Malware in sbrugna...
EUVD-2004-1899
Malware in sbrugna...
EUVD-2019-10035
Malware in sbrugna...
EUVD-2020-4354
Malware in sbrugna...
EUVD-2020-8874
Malware in sbrugna...
CVE-2020-1375
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
CVE-2019-1405
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play UPnP service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'...
CVE-2019-1478
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
CVE-2018-21243
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used...
CVE-2005-4844
The CLSIDApprenticeICW control allows remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...
CVE-2005-4845
The Java Plug-in 1.4.203 and 1.4.204 controls, and the 1.4.203 and 1.4.204 redirector controls, allow remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet...
CVE-2005-4842
The System Monitor Source Properties control allows remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...
CVE-2005-4841
The Outlook Progress Ctl control allows remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...
CVE-2025-0889
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process...
Check Point Response to CVE-2024-24912 - local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file
Symptoms - A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and lower. By manipulating the COM object, an attacker could load a specially crafted DLL. An attacker must first obtain the ability to execute local privilege...
Aladdin - Payload Generation Technique That Allows The Deseriallization Of A .NET Payload And Execution In Memory
Aladdin is a payload generation technique based on the work of James Forshaw @tiraniddo that allows the deseriallization of a .NET payload and execution in memory. The original vector was documented on https://www.tiraniddo.dev/2017/07/dg-on-windows-10-s-executing-arbitrary.html. By spawning the...
MS Enterprise app management service RCE. CVE-2022-35841
TL;DR A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September’s patch Tuesday. The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications...