Lucene search
+L

16 matches found

nvd
nvd
added 2026/07/07 5:16 p.m.11 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS0.0017EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/07/07 4:2 p.m.12 views

CVE-2026-57851 MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/07 4:2 p.m.11 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
cve
cve
added 2026/07/07 4:2 p.m.17 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation via the KernCoreLib64.sys kernel driver. An attacker with local access can use exposed IOCTL handlers to perform arbitrary physical memory read/write and unrestricted I/O port operations without administrator privileges. This can enable ma...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
euvd
euvd
added 2026/07/07 4:2 p.m.6 views

EUVD-2026-42053

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/07 4:2 p.m.39 views

CVE-2026-57851 MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS0.0017EPSS
Exploits0References2
nvd
nvd
added 2024/01/08 8:15 p.m.20 views

CVE-2023-52271

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any Protected Process Light process via an IOCTL which will be named at a later time...

6.5CVSS6.3AI score0.00325EPSS
Exploits2References2
osv
osv
added 2024/01/08 8:15 p.m.7 views

CVE-2023-52271

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any Protected Process Light process via an IOCTL which will be named at a later time...

6.5CVSS5.8AI score0.00325EPSS
Exploits2References2
kitploit
kitploit
added 2024/01/07 11:30 a.m.43 views

PPLBlade - Protected Process Dumper Tool

Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities : 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...

7.4AI score
Exploits0References1
susecve
susecve
added 2023/02/15 5:23 a.m.4 views

SUSE CVE-2015-0001

The Windows Error Reporting WER component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging...

1.9CVSS5.9AI score0.02586EPSS
Exploits0References3
kitploit
kitploit
added 2021/06/17 9:30 p.m.156 views

PPLdump - Dump The Memory Of A PPL With A Userland Exploit

This tool implements a userland exploit that was initially discussed by James Forshaw a.k.a. @tiraniddo - in this blog post - for dumping the memory of any PPL as an administrator. I wrote two blog posts about this tool. The first part is about Protected Processes concepts while the second one...

8.1AI score
Exploits0References2
osv
osv
added 2019/10/23 5:15 p.m.4 views

CVE-2019-17093

An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process PPL and might bypass some of the self-defense mechanisms. This affects...

7.8CVSS7.1AI score0.0057EPSS
Exploits1References2
googleprojectzero
googleprojectzero
added 2018/10/16 12:0 a.m.115 views

Injecting Code into Windows Protected Processes using COM - Part 1

Posted by James Forshaw, Google Project Zero At Recon Montreal 2018 I presented “Unknown Known DLLs and other Code Integrity Trust Violations” with Alex Ionescu. We described the implementation of Microsoft Windows’ Code Integrity mechanisms and how Microsoft implemented Protected Processes PP. A...

3.3CVSS6AI score0.03109EPSS
Exploits1
cnvd
cnvd
added 2015/01/15 12:0 a.m.7 views

Microsoft Windows Error Reporting Security Mechanism Bypass Vulnerability

Microsoft Windows is a family of operating systems from Microsoft. A security bypass vulnerability exists in Microsoft Windows Error Reporting WER that could allow an administrative user to view the contents of process memory protected by "Protected Process Light.", resulting in the disclosure of...

1.9CVSS6.4AI score0.02586EPSS
Exploits0References1
nvd
nvd
added 2015/01/13 10:59 p.m.33 views

CVE-2015-0001

The Windows Error Reporting WER component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging...

1.9CVSS6.2AI score0.02586EPSS
Exploits0References6
securityvulns
securityvulns
added 2007/04/09 12:0 a.m.43 views

Microsoft Windows Vista protected process protection bypass

It's possible to set or remove process protection...

3.1AI score
Exploits0References1
Rows per page
Query Builder