23 matches found
Exploit for Improper Input Validation in Microsoft
Moni...
Exploit for Improper Input Validation in Microsoft
Moniker Link CVE-2024-21413 Exploit Demo This repository co...
Exploit for Improper Input Validation in Microsoft
Email exploit Moniker Link-CVE-2024-21413-Module — Documentati...
Exploit for Improper Input Validation in Microsoft
🛡️ Moniker Link CVE-2024-21413 Room: Moniker Link C...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broke...
Microsoft Windows URL Moniker Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. Interaction with a particular library is required to exploit this vulnerability but specific attack vectors may vary. The specific flaw exists within the implementation o...
Microsoft Office - Composite Moniker Remote Code Execution Exploit
Exploit for windows platform in category local exploits What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the...
Microsoft Office - Composite Moniker Remote Code Execution
Microsoft Office - Composite Moniker Remote Code Execution What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using th...
Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability
Overview The Microsoft .NET framework fails to properly parse WSDL content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The PrintClientProxy method in the WSDL-parsing component of the Microsoft .NET framework fails to properly...
Oolong CVE-2017-8570 samples and behind the idea-vulnerability warning-the black bar safety net
The so-called CVE-2017-8570 sample Last week, 360 days eye lab found foreign hackers on Github released a CVE-2017-8570 exploits code, but then deleted, in order to find quite a few labeled as CVE-2017-8570 Office malware samples, such as the following VirusTotal is marked as CVE-2017-8570 sample...
Microsoft Windows COM Session Moniker Privilege Escalation Exploit
Microsoft Windows has a bad fix for the COM session moniker that can allow for elevation of privilege. Windows: Bad Fix for COM Session Moniker EoP CVE-2017-0298 Windows: Bad Fix for COM Session Moniker EoP So.... The previous fix for CVE-2017-0100 sounds wrong on the face of it. Rather than fixi...
Judy Android Malware Infects Over 36.5 Million Google Play Store Users
Security researchers have claimed to have discovered possibly the largest malware campaign on Google Play Store that has already infected around 36.5 million Android devices with malicious ad-click software. The security firm Checkpoint on Thursday published a blog post revealing more than 41...
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Microsoft Windows - Running Object Table Register ROTFLAGSALLOWANYCLIENT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 Windows: Running Object Table Register ROTFLAGSALLOWANYCLIENT EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 or Window...
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 Windows: Running Object Table Register ROTFLAGSALLOWANYCLIENT EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: By setting an appropriate AppID it’s possible for a...
Spread banking Trojan the Office 0day Vulnerability(CVE-2017-0199)technical analysis-vulnerability warning-the black bar safety net
Vulnerability overview Microsoft in 4 months of routine patch of 4 on 12, the A Office remote command execution vulnerability, CVE-2017-0199 for the repair, but in fact in the patch before the release there has been more use of this vulnerability in the wild is found, which contains the...
Microsoft OLE URL Moniker improperly handles remotely-linked HTA data
Overview Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type, which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE uses the URL Moniker to processes remotely-linked content in ...
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012) Exploit
Exploit for windows platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an object using the session...
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)
Microsoft Windows - COM Session Moniker Privilege Escalation MS17-012 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an object usi...
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an object using the session moniker the DCOM activator doesn’t check if the current...