CVE-2024-48200

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd conhost.exe...

CVE-2024-48200

Summary of CVE-2024-48200 (MobaXterm v24.2) : A local privilege escalation and arbitrary code execution issue exists in the MobaXterm MSI remove function, which spawns an Administrative cmd (conhost.exe). This can allow an unprivileged local attacker to execute code with elevated privileges. The ...

CVE-2024-48200

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd conhost.exe...

CVE-2024-35288

Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM...

CVE-2024-35288

Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM...

CVE-2024-35288

Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM...

CVE-2024-35288

CVE-2024-35288 affects Nitro PDF Pro, specifically versions prior to 13.70.8.82 and 14.x prior to 14.26.1.0. The root cause is unsafe custom actions in the MSI installer when in repair mode, enabling Local Privilege Escalation. CertUtil runs in a conhost.exe window, and there is a mechanism allow...

CVE-2023-7270 Local Privilege Escalation via MSI installer

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running a...

CVE-2023-7270 Local Privilege Escalation via MSI installer

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running a...

Intel PowerGadget 3.6 Local Privilege Escalation Vulnerability

Vulnerability summary: Local Privilege Escalation from regular user to SYSTEM, via conhost.exe hijacking triggered by MSI installer in repair mode Affected Products: Intel PowerGadget Affected Versions: tested on PowerGadget3.6.msi a3834b2559c18e6797ba945d685bf174, file signed on ‎Monday, ‎Februa...

CVE-2024-22042

A vulnerability has been identified in Unicam FX All versions. The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host conhost.exe as a child process with SYSTEM privileges. This could be exploited by an attacker to...

Privilege escalation

A vulnerability has been identified in Unicam FX All versions. The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host conhost.exe as a child process with SYSTEM privileges. This could be exploited by an attacker to...

CVE-2024-22042

CVE-2024-22042 affects Siemens UniCam FX (All versions). The Windows installer agent contains incorrect use of privileged APIs, causing conhost.exe to run as a child process with SYSTEM privileges and enabling local privilege escalation. This vulnerability is documented across multiple sources (S...

PT-2024-1743 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Unicam FX All versions Description: The issue is related to the incorrect use of privileged APIs in the Windows installer agent used by Unicam FX. This could allow an attacker to perform a local privilege escalation attack by exploiting the...

May 9, 2023—KB5026370 (OS Build 20348.1726)

May 9, 2023—KB5026370 OS Build 20348.1726 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when new...

Monitoring Windows Console Activity (Part 1)

Introduction While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP such as the command prompt, PowerShell, and sometimes custom command and control C2 console tools...

MS11-056: Vulnerabilities in Windows CSRSS could allow elevation of privilege: July 12, 2011

MS11-056: Vulnerabilities in Windows CSRSS could allow elevation of privilege: July 12, 2011 Introduction Microsoft has released security bulletin MS11-056. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...