621 matches found
MS14-015: Vulnerabilities in Windows kernel mode driver could allow elevation of privilege: March 11, 2014
MS14-015: Vulnerabilities in Windows kernel mode driver could allow elevation of privilege: March 11, 2014 INTRODUCTION Microsoft has released security bulletin MS14-015. To learn more about this security bulletin: Home users: http://www.microsoft.com/security/pc-security/updates.aspxSkip the...
CVE-2018-0977
The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka "Win32k Elevation of Privilege Vulnerability"...
CVE-2018-0902
The Cryptography Next Generation CNG kernel-mode driver cng.sys in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, ak...
Security feature bypass
The Cryptography Next Generation CNG kernel-mode driver cng.sys in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, ak...
CVE-2018-0902
CVE-2018-0902 affects the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 (Gold/1511/1607/1703/1709) and Windows Server 2016/1709. The vulnerability arises from how cng.sys validates and enforces impersonation levels, constituting a kernel-mode security feature bypas...
CNG Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the Cryptography Next Generation CNG kernel-mode driver cng.sys when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is...
KB4088782: Windows 10 Version 1703 March 2018 Security Update
The remote Windows host is missing security update 4088782. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this...
KB4088776: Windows 10 Version 1709 and Windows Server Version 1709 March 2018 Security Update
The remote Windows host is missing security update 4088776. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain...
Information disclosure
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...
Code injection
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine while CPU-Z is running can issue an ioctl 0x9C402430 call to the kernel-mode driver e.g., cpuz141x64.sys for version 1.41...
CVE-2017-15303
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine while CPU-Z is running can issue an ioctl 0x9C402430 call to the kernel-mode driver e.g., cpuz141x64.sys for version 1.41...
CVE-2017-15302
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...
CVE-2017-15303
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine while CPU-Z is running can issue an ioctl 0x9C402430 call to the kernel-mode driver e.g., cpuz141x64.sys for version 1.41...
CVE-2017-15302
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...
CVE-2017-15302
CVE-2017-15302 affects CPUID CPU-Z (Windows) up to version 1.81. The root cause is improper access rights to the kernel-mode driver (cpuz143_x64.sys) that allows an arbitrary read of any physical address via ioctl 0x9C402604 and the driver to map any physical page, returning the map page address ...
CVE-2017-15303
CVE-2017-15303 affects CPUID CPU-Z prior to 1.43. The flaw allows an arbitrary memory write via an ioctl 0x9C402430 to the kernel-mode driver (cpuz141_x64.sys for v1.41), enabling local elevation of privileges on the same host. This is a kernel-space write condition originating from userland inte...
CPUID CPU-Z Information Disclosure Vulnerability
CPUID CPU-Z is a free software package for collecting information about system devices. A security vulnerability exists in CPUID CPU-Z version 1.81 and earlier, which stems from the program assigning incorrect access rights to the kernel mode driver. An attacker could exploit the vulnerability to...
CVE-2017-15302
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...
CVE-2017-8689
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to...
CVE-2017-8694
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to...