Fortinet FortiClient Arbitrary Code Execution Vulnerability

Fortinet FortiClient is a Fortinet endpoint security solution that provides end-users with antivirus, encryption, and other services. An arbitrary code vulnerability exists in Fortinet FortiClient versions prior to 5.2.4, which allows local users to execute arbitrary code with kernel privileges b...

Fortinet FortiClient Privilege Vulnerability

Fortinet FortiClient is a Fortinet endpoint security solution that provides end users with anti-virus, encryption and other services. An elevation of privilege vulnerability exists in Fortinet FortiClient versions prior to 5.2.4, which allows a local user to obtain elevation of privilege via...

CVE-2015-5736

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a 1 0x220024 or 2 0x220028 ioctl call...

CVE-2015-5735

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, and 4 mdare6452.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call...

Design/Logic Flaw

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, and 4 mdare6452.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call...

Code injection

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a 1 0x220024 or 2 0x220028 ioctl call...

Design/Logic Flaw

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, and 4 mdare6452.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call...

CVE-2015-5735

CVE-2015-5735 affects Fortinet FortiClient before 5.2.4 via vulnerable drivers mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, and mdare64_52.sys. Using IOCTL 0x226108 allows a local user to write to arbitrary memory locations (kernel memory write). Fortinet released an updated FortiClient 5.2.4....

CVE-2015-5736

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a 1 0x220024 or 2 0x220028 ioctl call...

CVE-2015-5736

Fortinet FortiClient (Windows) before 5.2.4 is affected by CVE-2015-5736 via the Fortishield.sys minifilter. The IOCTL calls 0x220024 and 0x220028 allow a non-user-supplied callback to be set, enabling a local user to execute code with kernel privileges through the registered callback during IRP_...

CVE-2015-5737

FortiClient prior to version 5.2.4 is affected by CVE-2015-5737 (and related CIS-CWE IVs) due to several drivers (mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, mdare64_52.sys, Fortishield.sys) that improperly restrict access to process and Windows registry management APIs. The IOCTL 0x2220c8 ex...

CVE-2015-5737

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, 4 mdare6452.sys, and 5 Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a P...

CVE-2015-5735

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, and 4 mdare6452.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call...

CVE-2015-4077

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, and 4 mdare6452.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call...

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC)

KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Advisory ID: KL-001-2015-003 Publication Date: 2015.09.01 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt 1...

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC)

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Advisory ID: KL-001-2015-003 Publication Date: 2015.09.01 Publication URL:...

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC

Exploit for windows platform in category dos / poc Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Publication Date: 2015.09.01 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt 1. Vulnerability Details Affected Vendor: Silicon Integrated...

XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC

Exploit for windows platform in category dos / poc Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt 1. Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation...

XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write (PoC)

KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-004 Publication Date: 2015.09.01 Publication URL:...

SiS Windows VGA Display Manager Multiple Privilege Escalation

Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation Affected Product: Windows VGA Display Manager Affected Version: 6.14.10.3930 Platform: Microsoft Windows 7 x86, Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code...