Privilege escalation

An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security Consumer 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the...

VMware Workstation ghi update Null Pointer Dereference Denial of Service Vulnerability

This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability. The specific flaw exists within the ghi.guest.trayIcon.update...

Micro Focus Client for Open Enterprise Server Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Micro Focus Client for Open Enterprise Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the access...

Hewlett Packard Enterprise Universal CMDB Product Installation File Access Control Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privilege on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

Microsoft Windows Palette Object Race Condition Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32k.sys...

Microsoft Windows Palette Object Race Condition Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32k.sys...

Microsoft Windows win32k Menu Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

Microsoft Windows EngLockSurface Time-Of-Check Time-Of-Use Race Condition Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The specific flaw exists within JPEG2000 parsing. The...

VMware Workstation Shader Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The specific flaw exists within the Shader...

Microsoft Edge XAML File Improper Access Control Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of XA...

Microsoft Windows CLFS Driver Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log...

Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Messaging Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

Apple iTunes iPodService Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...

(Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log...

(Pwn2Own) Microsoft Windows basicrender WarpKMEscape Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Apple OS X IOReportUserClient Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

Trend Micro Maximum Security tmusa Time-Of-Check/Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privilege on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...