Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation

Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broke...

Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation

Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object doesn’t verify its caller correctly allowing one user to...

Privilege escalation

An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge...

CVE-2019-0566

An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge...

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation

Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal unmarshaler. I’m reporting multiple, non-exhaustive, issues...

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for th...

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Exploit

Exploit for windows platform in category local exploits Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal...

Microsoft Windows Multiple Vulnerabilities (KB4467686)

This host is missing a critical security update according to Microsoft KB4467686 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft JScript Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. To exploit the vulnerability, an attacker would first have to access the local machine, and run a specially crafted application to create arbitrary COM objects. The update...

Microsoft .NET Framework Multiple Vulnerabilities (KB4338424)

This host is missing an important security update according to Microsoft KB4338424 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Microsoft .NET Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Hi @ll, all versions of .NET Framework support to load a COM object as code profiler, enabled via two or three environment variables. From | A profiler DLL is an unmanaged DLL that runs as part of the | common language runtime execution...

Microsoft .NET Privilege Escalation

Hi @ll, all versions of .NET Framework support to load a COM object as code profiler, enabled via two or three environment variables. From | A profiler DLL is an unmanaged DLL that runs as part of the | common language runtime execution engine. As a result, the code | in the profiler DLL is not...

McAfee VirusScan Enterprise Denial of Service Vulnerability

McAfee VirusScan Enterprise is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. A security vulnerability exists in Scriptscan COM Object in McAfee...

CVE-2016-8030

A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link...

Memory corruption

A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link...

CVE-2016-8030

A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link...

VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Exploit

Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening...

Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation

Oracle VM VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of...

McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability

Overview McAfee VirusScan Enterprise for Windows scriptproxy COM object contains a memory corruption vulnerability. Description According to the reporter, McAfee VirusScan Enterprise for Windows version 8.7i through at least 8.8 patch 7 contains a scriptproxy COM object that is vulnerable to the...

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion

TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc., have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions. These sample...