46 matches found
A Deep Dive into the GetProcessHandleFromHwnd API
Posted by James Forshaw In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I...
EUVD-2017-3419
Malware in sbrugna...
EUVD-2021-21697
Malware in sbrugna...
EUVD-2015-5121
Malware in sbrugna...
Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#
Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...
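The enumeration the snippet above describes (integrity level, AMSI presence, bitness, and the calling process's own privilege) can be reproduced with documented Win32 calls. The following is an added PowerShell example written for this page; it is not Wanderer's own code (Wanderer is written in C#). It assumes a 64-bit Windows host running 64-bit PowerShell 5.1 or later, and the helper names (`Get-TokenIntegrityRid`, `Get-ProcessIntegrityInfo`, `$IntegrityNames`) are chosen here, not taken from the tool.

```powershell
# Added example, not Wanderer's code: list every process with its integrity level,
# whether amsi.dll is loaded, and whether it runs under WOW64. Assumes 64-bit
# Windows and 64-bit PowerShell; rows the current token cannot open show 'n/a'.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr buf, int len, out int needed);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(IntPtr proc, out bool wow64);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr h);
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # enough for OpenProcessToken and IsWow64Process
$TOKEN_QUERY                       = 0x0008
$TokenIntegrityLevel               = 25       # TOKEN_INFORMATION_CLASS::TokenIntegrityLevel

# Mandatory-label SIDs are S-1-16-<RID>; the RID is the level (winnt.h SECURITY_MANDATORY_*_RID)
$IntegrityNames = @{ 0 = 'Untrusted'; 4096 = 'Low'; 8192 = 'Medium'; 8448 = 'MediumPlus';
                     12288 = 'High'; 16384 = 'System'; 20480 = 'ProtectedProcess' }

function Get-TokenIntegrityRid([IntPtr]$hProc) {
    $hTok = [IntPtr]::Zero
    if (-not [Win32.Native]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) { return $null }
    try {
        $len = 0
        # First call only sizes the TOKEN_MANDATORY_LABEL buffer; the second fills it.
        [void][Win32.Native]::GetTokenInformation($hTok, $TokenIntegrityLevel, [IntPtr]::Zero, 0, [ref]$len)
        $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal($len)
        try {
            if (-not [Win32.Native]::GetTokenInformation($hTok, $TokenIntegrityLevel, $buf, $len, [ref]$len)) { return $null }
            # TOKEN_MANDATORY_LABEL.Label.Sid is the first field: a pointer to the SID.
            $pSid = [Runtime.InteropServices.Marshal]::ReadIntPtr($buf)
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($pSid)
            return [int]($sid.Value.Split('-')[-1])   # last sub-authority is the level RID
        } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }
    } finally { [void][Win32.Native]::CloseHandle($hTok) }
}

function Get-ProcessIntegrityInfo {
    foreach ($p in Get-Process) {
        $hProc = [Win32.Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $p.Id)
        $opened = ($hProc -ne [IntPtr]::Zero)
        $rid = $null; $wow64 = $false
        if ($opened) {
            try {
                $rid = Get-TokenIntegrityRid $hProc
                [void][Win32.Native]::IsWow64Process($hProc, [ref]$wow64)
            } finally { [void][Win32.Native]::CloseHandle($hProc) }
        }
        # Module enumeration needs more access than the limited handle and fails for
        # protected or higher-privileged processes, so report that instead of guessing.
        try   { $amsi = [bool]($p.Modules | Where-Object ModuleName -eq 'amsi.dll') }
        catch { $amsi = 'n/a' }
        $level = 'n/a'
        if ($null -ne $rid) {
            $level = if ($IntegrityNames.ContainsKey($rid)) { $IntegrityNames[$rid] } else { "RID $rid" }
        }
        $arch = if (-not $opened) { 'n/a' } elseif ($wow64) { 'x86 (WOW64)' } else { 'x64' }
        [pscustomobject]@{ Pid = $p.Id; Name = $p.ProcessName; Integrity = $level
                           Arch = $arch; AmsiLoaded = $amsi }
    }
}

# The calling process: its own integrity level and whether its token carries the
# Administrators group (false in a split-token admin session that is not elevated).
$selfRid   = Get-TokenIntegrityRid ([Diagnostics.Process]::GetCurrentProcess().Handle)
$selfAdmin = (New-Object Security.Principal.WindowsPrincipal(
                 [Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole(
                 [Security.Principal.WindowsBuiltInRole]::Administrator)
"Current process: integrity=$($IntegrityNames[$selfRid]) admin=$selfAdmin"

Get-ProcessIntegrityInfo | Sort-Object Pid | Format-Table -AutoSize
```

Run it once from a normal console and once from an elevated one: the script's own row moves from Medium to High, and the rows that showed `n/a` for protected or SYSTEM processes stay `n/a` because PROCESS_QUERY_LIMITED_INFORMATION still succeeds while module enumeration does not.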
March 8, 2022—KB5011560 (Security-only update)
Summary: Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT: Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support...
Design/Logic Flaw
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High...
CVE-2021-35052
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High...
CVE-2021-35052
Summary: CVE-2021-35052 concerns Kaspersky Password Manager. The connected ZDI advisory states the flaw exists in the Kaspersky Password Manager Service and arises from execution with unnecessary privileges, enabling local attackers to escalate from medium to high integrity by running code in the...
Microsoft Windows Containers Privilege Escalation
Windows Containers: ContainerUser has Elevated Privileges. Platform: Windows 10 20H2 (not tested other versions). Class: Elevation of Privilege. Security Boundary: User. Summary: The standard user ContainerUser in a Windows Container has elevate...
CVE-2020-0981
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape. T...
Security feature bypass
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape. T...
Windows Token Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape...
Immunity Canvas: ALPC_TAKEOVER_LPE
Name | alpctakeoverlpe
--- | ---
CVE | CVE-2019-0841
Exploit Pack | CANVAS
Description | ALPC Takeover LPE
Notes | CVE Name: CVE-2019-0841. NOTES: Works with Medium Integrity Level. Tested: Windows 10 1703 x64; Windows 10 1709 x64; Windows 10 1803 x86, x64; Windows 10 1809 x86, x64. VENDOR: Microsoft...
VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
VMware: Host VMX Process Impersonation Hijack EoP. Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15.0.2. Class: Elevation of Privilege. Summary: The...
Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the curre...
CVE-2017-11818
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security...
Security feature bypass
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security...