64 matches found
CVE-2020-13555
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...
CVE-2020-13555
Advantech WebAccess/SCADA 9.0.1 is affected by several local privilege escalation vulnerabilities (CVE-2020-13555, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554) as detailed in TALOS-2020-1169. The issues arise from weak permissions and misconfigurations that enable an unprivileged or moderately...
CVE-2020-16935 Windows COM Server Elevation of Privilege Vulnerability
...
CVE-2020-16916 Windows COM Server Elevation of Privilege Vulnerability
...
Windows COM Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
Windows COM Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
KLA11978 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities...
CVE-2020-1375
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...
Windows COM Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
Windows COM Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
// Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // - https://www.zerodayinitiative.com/blog/2019/12/19/privilege-escalation-via-the-core-shell-com-registrar-object // -...
Windows - Shell COM Server Registrar Local Privilege Escalation Exploit
Windows - Shell COM Server Registrar Local Privilege Escalation Exploit // Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // -...
Windows - Shell COM Server Registrar Local Privilege Escalation
Windows - Shell COM Server Registrar Local Privilege Escalation // Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // -...
CVE-2019-1478
CVE-2019-1478 is a Windows elevation-of-privilege vulnerability caused by improper handling of COM object creation in Windows COM Server. A local attacker who can log on could exploit a specially crafted application to execute arbitrary code with elevated privileges by taking control of the affec...
Windows COM Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
Juicy Potato - A Sugared Version Of RottenPotatoNG, With A Bit Of Juice, I.E. Another Local Privilege Escalation Tool, From A Windows Service Accounts To NT AUTHORITY\SYSTEM
A sugared version ofRottenPotatoNG, with a bit of juice, i.e. another LocalPrivilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM Summary RottenPotatoNG and its variants leverages the privilege escalation chain based on BITS service having the MiTM listener on...
CVE-2019-1184
CVE-2019-1184 is a Windows elevation-of-privilege issue in the Windows Core Shell COM Server Registrar that arises from improperly handling COM calls. Exploitation requires a logged-on user who runs a specially crafted application, enabling higher-privilege execution on an affected system. Affect...
PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: PHOENIX CONTACT Equipment: FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH Vulnerability: Cross-site Scripting AFFECTED PRODUCTS The following models running firmware versions prior to 1.99, 2.20, or 2.40 of FL...
Microsoft Office Equation Editor stack buffer overflow
Overview Microsoft Equation Editor contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Equation Editor is a component that comes with Microsoft Office. It is an out-of-process COM server that ...
Microsoft Windows - CreateObjectTask TileUserBroker Privilege Escalation
Microsoft Windows - CreateObjectTask TileUserBroker Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=439 Windows: CreateObjectTask TileUserBroker Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in earlier Windows...