184 matches found
TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln
Posted by Maddie Stone, Project Zero INTRODUCTION I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post. On December’s...
VMware Fusion 11.5.2 - Privilege Escalation
VMware Fusion 11.5.2 - Privilege Escalation Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Date: 2020-03-17 Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software...
VMware Fusion 11.5.2 - Privilege Escalation Exploit
Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software Link:...
AppInfo AiCheckSecureApplicationDirectory Bypass
The AppInfo service handles requests for UAC elevation. There’s an issue with the checking of secure directories which allows a user to install a UIAccess application without requiring full access to a secure directory, leading to the potential for EoP. Recent assessments: busterb at May 09, 2019...
Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit...
ScanGuard Antivirus 2020 - Insecure Folder Permissions Exploit
Exploit Title: ScanGuard Antivirus 2020 - Insecure Folder Permissions Exploit Author: hyp3rlinx Vendor Homepage: https://www.scanguard.com/ Software Link: https://support.scanguard.com/en/kb/22/upgrades-available Version: 2020 Tested on: Windows CVE : N/A Category: exploit...
CVE-2019-9350
In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-129562815...
CVE-2019-9350
CVE-2019-9350 corresponds to an Elevation of Privilege in Android 10 Keymaster, caused by a use-after-free in a component handling crypto operations. This vulnerability could allow a local attacker to escalate privileges without additional execution privileges or user interaction, as described ac...
Valve: Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client
The vulnerability allows creating an arbitrary file with some crafted text or appending to an existing file. Tested on actual version 5.31.28.21 SteamService.exe fileversion info. At the start of the report I describe how to trigger the vulnerability, then describe how to cause any consequences. How to trigger - ...
Exploit for CVE-2019-1132
CVE-2019-1132 EoP P...
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation Windows: RPCSS Activation Kernel Security Callback EoP Platform: Windows 10 1903/1809 (not tested earlier) Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User...
Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day...
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary and others Summary: The SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a syste...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 (not tested earlier) Class: Elevation of Privilege Security Boundary per Windows Security Service Criteri...
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free Exploit
Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn’t correctly check the validity of a handle to a section...
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn’t correctly check the validity of a handle to a section...
Dokany 1.2.0.1000 Buffer Overflow / Privilege Escalation
Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version - 1.2.0.1000 - dokan1.sys Software package -...
Zero-Day Bug Fixed by Microsoft in December Patch Tuesday
Microsoft has patched a zero-day vulnerability actively being used against older versions of the Windows operating system, as part of its December Patch Tuesday updates. According to the software giant, the vulnerability CVE-2018-8611 is an elevation-of-privilege (EoP) bug that affects Windows 7...
Immunity Canvas: UNMARSHAL_TO_SYSTEM
Name | unmarshaltosystem
---|---
CVE | CVE-2018-0824
Exploit Pack | CANVAS
Description | CVE-2018-0824 QC Marshal Interceptor Insecure COM Unmarshal LPE
Notes | CVE Name: CVE-2018-0824 VENDOR: Microsoft Notes: Tested against: Windows 7 x86 - NOT VULNERABLE Windows Server 2016 - NOT...