10 matches found
CVE-2023-52271
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any Protected Process Light process via an IOCTL which will be named at a later time...
CVE-2023-52271
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any Protected Process Light process via an IOCTL which will be named at a later time...
PPLBlade - Protected Process Dumper Tool
Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities : 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...
SUSE CVE-2015-0001
The Windows Error Reporting WER component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging...
PPLdump - Dump The Memory Of A PPL With A Userland Exploit
This tool implements a userland exploit that was initially discussed by James Forshaw a.k.a. @tiraniddo - in this blog post - for dumping the memory of any PPL as an administrator. I wrote two blog posts about this tool. The first part is about Protected Processes concepts while the second one...
CVE-2019-17093
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process PPL and might bypass some of the self-defense mechanisms. This affects...
Injecting Code into Windows Protected Processes using COM - Part 1
Posted by James Forshaw, Google Project Zero At Recon Montreal 2018 I presented “Unknown Known DLLs and other Code Integrity Trust Violations” with Alex Ionescu. We described the implementation of Microsoft Windows’ Code Integrity mechanisms and how Microsoft implemented Protected Processes PP. A...
Microsoft Windows Error Reporting Security Mechanism Bypass Vulnerability
Microsoft Windows is a family of operating systems from Microsoft. A security bypass vulnerability exists in Microsoft Windows Error Reporting WER that could allow an administrative user to view the contents of process memory protected by "Protected Process Light.", resulting in the disclosure of...
CVE-2015-0001
The Windows Error Reporting WER component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging...
Microsoft Windows Vista protected process protection bypass
It's possible to set or remove process protection...