PT-2020-4256 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An elevation of privilege issue exists due to the Windows kernel's improper handling of objects in memory. This could allow an attacker to run arbitrary code in kernel mode, enabling them t...

PT-2020-4267 · Microsoft · Windows Installer +1

Name of the Vulnerable Software and Affected Versions: Windows Installer affected versions not specified Description: The issue exists due to insufficient input validation in the Windows Installer, leading to insecure library loading behavior. A locally authenticated attacker could exploit this t...

Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Graphics Device Interface is a graphics device interface function of Microsoft. Th...

The vulnerability of the Windows Media Foundation component in Windows operating systems allows attackers to gain privileges to install programs, view, modify, or delete data, as well as create new user accounts with full user rights.

The vulnerability of the Windows Media Foundation component in Windows operating systems arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow attackers to gain control over programs, access data, modify or delete data, and create new user account...

The vulnerability of the Windows Media Foundation component in Windows operating systems allows attackers to install programs, view, modify, or delete data with the privileges of a legitimate user.

The vulnerability of the Windows Media Foundation component in Windows operating systems arises from operations that occur outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to install programs, view, modify, or delete data with the privileges of a legitimate use...

The vulnerability of the Windows Media Foundation component in Windows operating systems allows attackers to install programs, view, modify, or delete data with the privileges of a legitimate user.

The vulnerability of the Windows Media Foundation component in Windows operating systems arises from operations that occur outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to install programs, view, modify, or delete data with the privileges of a legitimate use...

CVE-2020-1477

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...

The vulnerability of the DirectX component of the Windows operating system allows attackers to install programs, view, modify, or delete data with the privileges of a legitimate user.

The vulnerability of the DirectX component of the Windows operating system is related to incorrect handling of objects in memory. Exploiting this vulnerability allows an attacker to install programs, view, modify, or delete data with the privileges of a legitimate user, using a specially created...

The vulnerability of the Microsoft RMS Sharing App for Mac operating systems lies in its insecure management of privileges. This allows a malicious user to install programs, view, modify, or delete data with the rights of an authorized user.

The vulnerability of the Microsoft RMS Sharing App for Mac operating systems lies in the insecure management of privileges. Exploiting this vulnerability could allow a malicious individual to install programs, view, modify, or delete data with the rights of an authorized user...

Vulnerability in OpenSSL - Windows builds with insecure path defaults

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the –prefix / –openssldir configuration options. For OpenSSL versions...

Windows Graphics Component Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...

MS15-004: Description of the security update for Windows 7 and Windows Server 2008 R2 if the Remote Desktop Connection 8.1 client update is installed: January 13, 2015

MS15-004: Description of the security update for Windows 7 and Windows Server 2008 R2 if the Remote Desktop Connection 8.1 client update is installed: January 13, 2015 Summary This security update resolves a privately reported vulnerability in the TS WebProxy component in Windows 7 and Windows...

Privilege escalation

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine ME protections. This could result in a denial of service or privilege escalation attack...

The vulnerability of the Windows operating system, which allows a malicious individual to increase their privileges

A vulnerability that allows for increased privileges exists in the Windows operating system and is related to incorrect file comparison. If exploited successfully, a malicious individual will be able to execute arbitrary code within the Local System account. They will also be able to install...

CVE-2014-5453

Ubisoft Uplay PC before 4.6.1.3217 use weak permissions Everyone: Full Control for the program installation directory %PROGRAMFILES%\Ubisoft Game Launcher, which allows local users to gain privileges via a Trojan horse file...

Microsoft Windows CSRSS ConsoleNumberOfCommand Code Execution (MS11-056; CVE-2011-1283)

An elevation of privilege vulnerability has been reported in Windows CSRSS. Remote attackers can exploit this vulnerability to run arbitrary code in kernel mode. Successful exploitation may enable an attacker to install programs; view, change, or delete data; or create new accounts with full user...

Microsoft Windows DFS PathConsumed Code Injection (MS11-042; CVE-2011-1868)

This is a remote code execution vulnerability. The vulnerability is caused by the Microsoft Distributed File System DFS implementation improperly validating all fields within specially crafted DFS responses. An attacker who successfully exploited this vulnerability could take complete control of ...

Microsoft Windows SMB缓冲区下溢漏洞（MS08-063）

BUGTRAQ ID: 31647 CVECAN ID: CVE-2008-4038 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft服务器消息块（SMB）协议处理特制文件名的方式中存在一个缓冲区下溢漏洞。利用该漏洞要求进行认证，因为只有当共享类型为磁盘时才可访问有漏洞的函数。成功利用此漏洞的攻击者可以安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft...

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution 948590 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these...

CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."...