McAfee Application Control swin.sys Kernel Driver Denial of Service Vulnerability

McAfee Application Control is a suite of program control software. The software protects enterprise servers and endpoints from the threat of unauthorized applications and malware by using a dynamic trust model. A security vulnerability in the swin.sys kernel driver for McAfee Application Control ...

CVE-2016-1715

The swin.sys kernel driver in McAfee Application Control MAC 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service memory corruption and system crash or...

Memory corruption

The swin.sys kernel driver in McAfee Application Control MAC 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service memory corruption and system crash or...

CVE-2016-1715

The swin.sys kernel driver in McAfee Application Control MAC 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service memory corruption and system crash or...

McAfee Application Control Kernel Driver Memory Corruption Elevation of Privilege Vulnerability

McAfee Application Control is a centrally managed whitelisting solution. McAfee Application Control has a security vulnerability in the handling of syscall 768 within the swin.sys kernel driver, which can be exploited to execute arbitrary code in the system context by writing a "0" to any locatio...

McAfee Application Control Kernel Driver Memory Corruption Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of McAfee Application Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

UBUNTU-CVE-2015-7869

Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive...

Samsung Sieren Kernel Driver Buffer Overflow Vulnerability

Samsung Sieren Kernel Driver is a set of Sieren kernel driver applications. A local buffer overflow vulnerability exists in Samsung Sieren Kernel Driver, which allows attackers to exploit the vulnerability to crash the application or elevate privileges...

Samsung - m2m1shot Kernel Driver Buffer Overflow

Samsung - m2m1shot Kernel Driver Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=493 The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoin...

Samsung - 'm2m1shot' Kernel Driver Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=493 The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoint /dev/m2m1shotjpeg is accessible by the media...

Win10Pcap-Exploit: the use of Win10Pcap kernel driver vulnerability to achieve local mention right-vulnerability warning-the black bar safety net

A few days ago I was in win10pcap drive found in a coin can be local to mention the right vulnerability, when it had been reported to the official, now you can update to get a fix. http://www.win10pcap.org/download/ At the request of many friends request, then the sample exploit posted for everyo...

The vulnerability of the Windows Embedded Standard 2009 operating system, which allows a perpetrator to trigger a service failure

The Windows Embedded Standard 2009 operating system contains a vulnerability in the kernel mode driver rdpwd.sys, located in the S:\Windows\System32 directory. This driver does not handle dynamic memory correctly, as it is allocated for storing array elements. Using specially crafted requests sen...

Microsoft Windows Win32k Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Microsoft Windows kernel mode driver and can be exploited by an attacker to run arbitrary code in kernel mode...

Nexus Security Bulletin—August 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48I or later address these issues. Partners were...

The vulnerability of the Windows operating system, which allows a perpetrator to gain access to protected information

The vulnerability of kernel-level drivers in the Windows operating system is related to the lack of protection for privileged data. Exploiting this vulnerability can allow a local attacker to gain access to protected information through a specially crafted application...

Oracle solaris DHCP Server Component Denial of Service Vulnerability

Oracle solaris is a unix operating system. A security vulnerability in the Oracle solaris kernel domain virtualization NIC driver component allows local attackers to exploit the vulnerability to crash the system...

Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2015-04663)

Microsoft Windows Server is a series of servers based on the windows operating system launched by the U.S. Microsoft Microsoft. A security vulnerability exists in the win32k.sys file in the kernel-mode driver for Microsoft Windows. A local attacker can exploit this vulnerability to gain privilege...

Hacking Team attack code analysis Part 3 : the Adobe Font Driver kernel driver elevation of privilege vulnerability-vulnerability warning-the black bar safety net

In order to in IE and Chrome bypassing its sandbox mechanism to completely control the user's system, Hacking Team also utilizes a Windows kernel driver: the Adobe Font Driveratmfd.dllin the presence of a font 0day vulnerability to achieve privilege escalation and bypass the sandbox mechanism. Th...

Microsoft Windows - ClientCopyImage Win32k (MS15-051) (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class Metasploit3 'Windows ClientCopyImage Win32k Exploit', 'Description' = %q Thi...

In-Console-Able

Posted by James Forshaw, giving the security community a shoulder to cry on. TL;DR; this blog post describes an unfixed bug in Windows 8.1 which allows you to escape restrictive job objects in order to help to develop a sandbox escape chain in Chrome or similar sandboxes. If you’re trying to...