Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read

Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done...

Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read

The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while impersonating, but using junctions there is still a TOCT...

Anti-Virus Privileged File Write Vulnerability

Anti-Virus solutions are split into several different components an unprivileged user mode part, a privileged user mode part and a kernel component. Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part "the UI"...

Anti-Virus Privileged File Write

Dear list, This mail is not about a single vulnerability, but a more or less general technique I discovered to abuse the restore from quarantine feature in anti-virus solutions to gain local admin rights. As I also presented this attack at the IT SECX conference, I had to invent a name for it too...

Adobe Acrobat Multiple Vulnerabilities - 01 (Oct 2015) - Mac OS X

Adobe Acrobat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat"; ifdescription...

CVE-2015-7829

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete...

CVE-2015-7829

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete...

CVE-2015-7829

Summary (CVE-2015-7829) : Adobe Reader and Acrobat on Windows are affected by a flaw in how they handle junctions in the Synchronizer directory, allowing an attacker to delete arbitrary files via Adobe Collaboration Sync. Affected products include Adobe Reader/Acrobat 10.x up to 10.1.16 and 11.x ...

CVE-2015-2553

CVE-2015-2553 affects the Windows kernel’s handling of mountpoint creation for reparse points, enabling local privilege escalation via sandboxed environments on Windows Vista/7/8/8.1/10 and corresponding server editions. Public writeups describe bypasses of the mitigation introduced by MS15-111 (...

MS15-111: Security Update for Windows Kernel to Address Elevation of Privilege (3096447)

The remote Windows host is affected by the following vulnerabilities : - Multiple elevation of privilege vulnerabilities exist in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute...

CVE-2013-1672

The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions...

CVE-2013-1672

The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions...

Design/Logic Flaw

The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions...

CVE-2013-1672

The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions...

CVE-2013-1672

CVE-2013-1672 affects Mozilla Firefox on Windows (and related Thunderbird/ESR components) where the Mozilla Maintenance Service can be exploited to bypass integrity verification and escalate privileges. The issue is tied to local privilege escalation via manipulation of data passed to the mainten...

PT-2013-3307 · Mozilla +1 · Firefox Esr +4

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 21.0 Firefox ESR versions prior to 17.0.6 Thunderbird versions prior to 17.0.6 Thunderbird ESR versions prior to 17.0.6 Description: The issue allows local users to bypass integrity verification and gain...