7 matches found
Microsoft Error Reporting Local Privilege Elevation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Error Reporting Local Privilege Elevation Vulnerability', 'Description' = %q This module takes advantage of a bug in the way Windows...
Microsoft Error Reporting Local Privilege Elevation Exploit
This Metasploit module takes advantage of a bug in the way Windows error reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary...
Exploit for Link Following in Microsoft
CVE-2023-36874 Windows Error Reporting LPE BOF Introductio...
CVE-2023-36874
Windows Error Reporting Service Elevation of Privilege Vulnerability...
CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege Vulnerability
...
CVE-2023-36874
CVE-2023-36874 is a Windows Error Reporting Service privilege-escalation vulnerability. The root cause described in the sources is a filesystem/relative-path handling flaw: WER may invoke wermgr.exe using a relative path and does not validate symbolic links, allowing a non-system executable to be...
CVE-2023-36874
Windows Error Reporting Service Elevation of Privilege Vulnerability Recent assessments: bwatters-r7 at January 17, 2024 4:54pm UTC reported: CVE-2023-36874 is a filesystem redirection vulnerability that relies on a trusted process using relative filepath data and poor file validation to allow a...