18 matches found

RedhatCVE
added 2026/01/09 10:19 a.m., 5 views

CVE-2019-18194

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder...

7.8 CVSS, 6.7 AI score, 0.00378 EPSS
Exploits: 3, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-7997

Malware in sbrugna...

7.8 CVSS, 7.7 AI score, 0.00378 EPSS
Exploits: 3, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-41736

Malicious code in bioql PyPI...

8 CVSS, 6.6 AI score, 0.006 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 11:1 p.m., 9 views

CVE-2022-34008

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder...

7.8 CVSS, 7.1 AI score, 0.00161 EPSS
Exploits: 1, References: 1

CVE
added 2024/10/14 4:46 p.m., 77 views

CVE-2024-45731

Summary: CVE-2024-45731 affects Splunk Enterprise for Windows prior to 9.3.1, 9.2.3, and 9.1.6. A low-privileged user (not admin/power roles) could write a file to the Windows system root (default System32 location) when Splunk is installed on a separate drive. Root cause / impact: arbitrary file...

8 CVSS, 7.8 AI score, 0.006 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/10/14 4:46 p.m., 9 views

CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...

8 CVSS, 7.2 AI score, 0.006 EPSS
Exploits: 0, References: 2

The Hacker News
added 2024/01/01 2:0 p.m., 51 views

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages...

7.8 AI score
Exploits: 0

Prion
added 2022/06/21 3:15 p.m., 8 views

Privilege escalation

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder...

7.2 CVSS, 7.7 AI score, 0.00161 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/06/21 2:20 p.m., 12 views

CVE-2022-34008

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder...

7.9 AI score, 0.00161 EPSS
Exploits: 1, References: 2

CNNVD
added 2022/06/21 12:0 a.m., 1 views

Comodo Antivirus Link Following Vulnerability

Comodo Antivirus is a gaming antivirus from Comodo, Inc. A security vulnerability exists in Comodo Antivirus version 12.2.2.8012 that originates from the ability to restore a malicious DLL from quarantine to a System32 folder using an NTFS directory link. An attacker can exploit this vulnerabilit...

7.8 CVSS, 7.4 AI score, 0.00161 EPSS
Exploits: 1, References: 3

NVD
added 2020/09/01 10:15 p.m., 5 views

CVE-2020-24955

SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as...

7.8 CVSS, 7.6 AI score, 0.00106 EPSS
Exploits: 2, References: 2

Prion
added 2020/01/10 6:15 p.m., 6 views

Design/Logic Flaw

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder...

6.9 CVSS, 7.5 AI score, 0.00378 EPSS
Exploits: 3, References: 2, Affected Software: 1

Cvelist
added 2020/01/10 5:26 p.m., 8 views

CVE-2019-18194

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder...

7.6 AI score, 0.00378 EPSS
Exploits: 3, References: 2

CVE
added 2020/01/10 5:26 p.m., 129 views

CVE-2019-18194

TotalAV 2020 4.14.31 is affected by CVE-2019-18194, a privilege-escalation vulnerability where exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. The vulnerability is supported by multiple sources (Red Hat advisory, CNVD, CVE records,...

7.8 CVSS, 7.5 AI score, 0.00378 EPSS
Exploits: 3, References: 2, Affected Software: 1

Penetration Testing Lab
added 2019/10/22 2:25 p.m., 48 views

Persistence – Time Providers

Windows operating systems use the time provider architecture to obtain accurate time stamps from other network devices or clients in the network. Time providers are implemented in the form of a DLL file which resides in the System32 folder. The service W32Time initiates during the...

4 AI score
Exploits: 0

Tenable Nessus
added 2007/09/28 12:0 a.m., 23 views

F-Secure Anti-Virus for Windows system32 Directory Crafted File Detection Bypass

The remote host is running F-Secure Anti-Virus for Windows Servers. According to its version, the installation of this software on the remote host may allow an attacker to bypass antivirus scanning by placing a specially crafted archive or packed executable into the 'system32' folder. Note that...

1.9 CVSS, 5.6 AI score, 0.00078 EPSS
Exploits: 0, References: 2

myhack58
added 2007/09/06 12:0 a.m., 9 views

The simplest Windows system password rescue in history - vulnerability warning - the black bar safety net

Forgot your Windows login password? There are numerous solutions on the Internet, but after trying them you will find that many methods are simply not effective, and some may even cause the system to collapse completely. After repeated research and testing by the author on Windows 2000 and Windows XP,...

7.2 AI score
Exploits: 0

myhack58
added 2006/10/12 12:0 a.m., 18 views

The easiest Windows password rescue in history for when you can't log in - bug warning - the black bar safety net

Forgot your Windows login password? There are numerous solutions on the Internet, but after trying them you will find that many methods are simply not effective, and some may even cause the system to collapse completely. After repeated research and testing by the author on Windows 2000 and Windows XP,...

7.2 AI score
Exploits: 0