MS Enterprise app management service RCE. CVE-2022-35841

TL;DR A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September’s patch Tuesday. The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications...

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation...

KnockOutlook - A Little Tool To Play With Outlook

"The best feeling is to win by knockout." - Nonito Donaire Overview KnockOutlook is a C project that interacts with Outlook's COM object in order to perform a number of operations useful in red team engagements. Command Line Usage metadata of every account search : search for the provided keyword...

Microsoft Office Graph Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Graph COM...

Microsoft Office Graph Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Graph COM...

CVE-2020-16935

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

CVE-2020-16916

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

Privilege escalation

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

Privilege escalation

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

CVE-2020-16916

CVE-2020-16916 is a Windows elevation-of-privilege flaw in the COM server object creation path. The root cause is Windows handling of COM object creation, allowing an attacker who can log on to run a specially crafted application that exploits the vulnerability to gain elevated code execution. Mi...

CVE-2020-16916

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-11039)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server,...

Microsoft Windows Multiple Vulnerabilities (KB4580327)

This host is missing a critical security update according to Microsoft KB4580327 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Windows COM Server component of the Windows operating system, which allows attackers to escalate their privileges

The vulnerability of the Windows COM Server component of the operating system is related to errors in the processing of COM objects. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

CVE-2020-1375

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...

Privilege escalation

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...

CVE-2020-1375

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...

CVE-2018-21243

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used...

CVE-2018-21243

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used...

Code injection

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used...