Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU Exploit

Exploit for windows platform in category dos / poc Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against cache signing has been...

Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU

Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against cache signing has been mitigated through NtSetCachedSigningLevel it’s...

Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU

Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against...

Code injection

Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to 1 cause a denial of service crash and possibly gain privileges via the NtCreateSection kernel SSDT hook or 2 cause a denial of...

CVE-2007-5043

The CVE-2007-5043 entry affects Kaspersky Internet Security 7.0.0.125, where the kernel driver layer (kylif.sys) does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers. This insecure handling enables local attackers to cause a denial of service (...

CVE-2007-5043

Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to 1 cause a denial of service crash and possibly gain privileges via the NtCreateSection kernel SSDT hook or 2 cause a denial of...

Code injection

cmdmon.sys in Comodo Firewall Pro formerly Comodo Personal Firewall 2.4.16.174 and earlier does not validate arguments that originate in user mode for the 1 NtCreateSection, 2 NtOpenProcess, 3 NtOpenSection, 4 NtOpenThread, and 5 NtSetValueKey hooked SSDT functions, which allows local users to...

[Full-disclosure] Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability

Hello, We would like to inform you about a vulnerability in Comodo Firewall Pro. Description: Comodo Firewall Pro former Comodo Personal Firewall hooks many functions in SSDT and in at least seven cases it fails to validate arguments that come from the user mode. User calls to NtConnectPort CFP...

CVE-2006-3074

KVE-2006-3074 affects Kaspersky Internet Security 6.0/7.0 and KAV 6.0/7.0 (Windows Workstations/Servers). The vulnerability arises from insufficient validation of parameters to hooked system calls (NtCreateKey, NtCreateProcess, NtCreateProcessEx, NtCreateSection, NtCreateSymbolicLinkObject, NtCre...

Microsoft Windows - Telephony Service Command Execution (MS05-040)

Microsoft Windows - Telephony Service Command Execution MS05-040 // by Cesar Cerrudo - Argeniss - www.argeniss.com // // TAPI Vulnerability- MS05-040 // // Should work on Win2k sp0,sp1,sp2,sp3,sp4 any language // If Telephony Service is not running you can start it by net start "Telephony Service...