Lucene search
K

16 matches found

Packet Storm
Packet Storm
added 2022/02/28 12:0 a.m.400 views

Win32k ConsoleControl Offset Confusion / Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Win32k ConsoleControl Offset Confusion', 'Description' = %q A vulnerability exists within win32k that can be leveraged by an attacker to escalate...

7.8CVSS1.1AI score0.80968EPSS
Exploits41
0day.today
0day.today
added 2022/02/28 12:0 a.m.635 views

Win32k ConsoleControl Offset Confusion / Privilege Escalation Exploit

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This...

7.8CVSS8.3AI score0.80968EPSS
Exploits41
Metasploit
Metasploit
added 2022/02/26 5:42 p.m.360 views

Win32k ConsoleControl Offset Confusion

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This...

7.8CVSS7.5AI score0.80968EPSS
Exploits41
GithubExploit
GithubExploit
added 2022/02/14 9:28 p.m.554 views

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-21882 Win32k Elevation Of Privileges Techn...

7.8CVSS7.9AI score0.78376EPSS
Exploits22
ThreatPost
ThreatPost
added 2022/02/07 10:39 p.m.78 views

CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug

CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency CISA announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating ...

7.8CVSS9.2AI score0.55711EPSS
Exploits7References14
The Hacker News
The Hacker News
added 2022/02/07 5:3 a.m.132 views

CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882...

7.8CVSS1.4AI score0.78376EPSS
Exploits22
GithubExploit
GithubExploit
added 2022/02/07 3:45 a.m.958 views

Exploit for Out-of-bounds Write in Microsoft

cve-2022-21882-poc lpe poc...

7.8CVSS8.1AI score0.55711EPSS
Exploits7
GithubExploit
GithubExploit
added 2022/02/01 5:58 p.m.279 views

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-21882 win32k LPE bypass CVE-2021-1732 Test - only...

7.8CVSS7.9AI score0.78376EPSS
Exploits22
ThreatPost
ThreatPost
added 2022/01/31 9:59 p.m.411 views

Public Exploit Released for Windows 10 Bug

Security teams might have skipped January’s Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It’s a bug that now has a...

7.8CVSS8AI score0.78376EPSS
Exploits22References14
Circl
Circl
added 2022/01/28 12:7 p.m.10 views

CVE-2022-21882

creationtimestamp| type| source ---|---|--- 2022-01-28 12:07:13+00:00| seen| https://t.me/CyberSecurityTechnologies/5293 2022-01-30 09:43:14+00:00| published-proof-of-concept| https://t.me/cyberbannewsir/4980 2022-01-30 09:45:57+00:00| published-proof-of-concept| https://t.me/habrcomnews/3088...

7.8CVSS7.1AI score0.55711EPSS
Exploits7References37
NVD
NVD
added 2022/01/11 9:15 p.m.24 views

CVE-2022-21882

Win32k Elevation of Privilege Vulnerability...

7.8CVSS0.55711EPSS
Exploits7References4
Vulnrichment
Vulnrichment
added 2022/01/11 8:22 p.m.13 views

CVE-2022-21882 Win32k Elevation of Privilege Vulnerability

...

7CVSS7AI score0.55711EPSS
Exploits7References1
CVE
CVE
added 2022/01/11 8:22 p.m.1361 views

CVE-2022-21882

CVE-2022-21882 is a Windows Win32k local privilege-escalation vulnerability. It arises when an incomplete patch for CVE-2021-1732 leaves a bypass path that lets attackers trigger the vulnerability via a manipulated user-callback flow in Win32k, enabling a full compromise of the affected process. ...

7.8CVSS7.8AI score0.55711EPSS
In wildExploits7References4Affected Software9
Check Point Advisories
Check Point Advisories
added 2022/01/11 12:0 a.m.11 views

Microsoft Windows Win32k Elevation of Privilege (CVE-2022-21882)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.2CVSS5.8AI score0.55711EPSS
Exploits7
ATTACKERKB
ATTACKERKB
added 2022/01/11 12:0 a.m.318 views

CVE-2022-21882

Win32k Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at January 18, 2022 4:35pm UTC reported: Looks like this is a LPE in win32k that is being exploited in the wild according to Microsoft to let attackers escalate their privileges to SYSTEM. Attack complexity on this is hig...

7.8CVSS8.3AI score0.78376EPSS
In wildExploits22References4
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.98 views

KB5009557: Windows 10 Version 1809 and Windows Server 2019 Security Update (January 2022)

The remote Windows host is missing security update 5009557. It is, therefore, affected by multiple vulnerabilities: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2022-21836 - A denial of service DoS vulnerabilit...

10CVSS7.8AI score0.9279EPSS
Exploits33References83
Rows per page
Query Builder