217 matches found
CVE-2018-21243
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used...
CVE-2020-0685
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
CVE-2020-0685
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
Microsoft Office Graph Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Graph COM...
Microsoft Windows Multiple Vulnerabilities (KB4530734)
This host is missing a critical security update according to Microsoft KB4530734 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
CVE-2019-1478
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
KB4530692: Windows 7 and Windows Server 2008 R2 December 2019 Security Update
The remote Windows host is missing security update 4530692 or cumulative update 4530734. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the...
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via dot net profiler', 'Description' = %q Microsoft Windows allows for the automatic loading of a profilin...
Windows Escalate UAC Protection Bypass Via Dot Net Profiler
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via dot net profiler', 'Description' = %q Microsoft Windows allows for the automatic loading of a profilin...
Microsoft Windows Multiple Vulnerabilities (KB4523205)
This host is missing a critical security update according to Microsoft KB4523205 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
Microsoft Windows Multiple Vulnerabilities (KB4525237)
This host is missing a critical security update according to Microsoft KB4525237 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
CVE-2019-1405
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play UPnP service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'...
PT-2019-3921 · Microsoft · Windows Universal Plug/Play (Upnp) Service +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Universal Plug and Play UPnP Service affected versions not specified Description: An elevation of privilege issue exists due to the improper allowance of COM object creation by the Windows Universal Plug and Play UPnP servic...
Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update
With the Windows 10 May 2019 Update we delivered several important features for Windows Defender Application Control WDAC, which was originally introduced to Windows as part of a scenario called Device Guard. WDAC works in conjunction with features like Windows Defender Application Guard, which...
Hunting COM Objects (Part Two)
Background As a follow up to Part One in this blog series on COM object hunting, this post will talk about taking the COM object hunting methodology deeper by looking at interesting COM object methods exposed in properties and sub-properties of COM objects. What is a COM Object? According to...
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broke...