Lucene search
K

8 matches found

CNVD
CNVD
added 2017/03/16 12:0 a.m.3 views

Microsoft Windows Kernel 'Win32k.sys' local boost vulnerability (CNVD-2017-03631)

Microsoft Windows is an operating system developed by the American company Microsoft. A local lift vulnerability exists in the Microsoft Windows Kernel 'Win32k.sys'. An attacker can exploit this vulnerability to execute arbitrary code with kernel privileges...

7.8CVSS7.4AI score0.0139EPSS
Exploits0References1
GoogleProjectZero
GoogleProjectZero
added 2016/11/29 12:0 a.m.9 views

Breaking the Chain

Posted by James Forshaw, Wielder of Bolt Cutters. Much as we’d like it to be true, it seems undeniable that we’ll never fix all security bugs just by looking for them. One of most productive ways to dealing with this fact is to implement exploit mitigations. Project Zero considers mitigation work...

7.2AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2016/04/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-4398

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control UAC feature...

7.8CVSS6AI score0.08661EPSS
Exploits2References1
CNVD
CNVD
added 2015/06/10 12:0 a.m.4 views

Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2015-03730)

Microsoft Windows is a popular operating system. An elevation of privilege vulnerability exists in Microsoft Windows Kernel 'Win32k.sys', which allows local attackers to exploit the vulnerability to elevate privileges...

8.8CVSS6.8AI score0.14958EPSS
Exploits0References1
GoogleProjectZero
GoogleProjectZero
added 2014/10/20 12:0 a.m.29 views

Did the “Man With No Name” Feel Insecure?

Posted by James Forshaw, Taker of Names Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed...

7.5CVSS7.8AI score0.00987EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2013/12/07 12:0 a.m.5 views

PT-2013-6224 · Microsoft · Windows Server 2008 R2

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Server 2008 SP2 Description: The IsHandleEntrySecure function in win32k.sys does not properly validate the tagPROCESSINFO pW32Job field, allowing local users to cause a denial of service via a crafted...

4CVSS6.8AI score0.01957EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2011/11/04 9:0 p.m.2 views

CVE-2011-3402

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary...

7.4AI score0.78285EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2011/02/08 12:0 a.m.6 views

PT-2011-2079 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista versions SP1 and SP2 Windows Server 2008 versions Gold, SP2, and R2 Windows 7 affected versions not specified Description: The issue arises from improper validation...

7.2CVSS6.8AI score0.01676EPSS
Exploits0References9
Rows per page
Query Builder