CVE-2023-29343
CVE-2023-29343 is a confirmed elevation of privilege vulnerability in Microsoft Sysinternals Sysmon for Windows (Sysmon 14.14 affected per PoC). The provided PoC describes an arbitrary file write vulnerability arising from insufficient access restrictions in the Sysmon Windows service: if an Arch...
CVE-2022-41120
Sysmon before 14.13 is affected by an Elevation of Privilege vulnerability (CVE-2022-41120) in the ClipboardChange/RPC path. A locally authenticated user can abuse Sysmon’s RPC/ClipboardChange handling to write/delete files in the C:\Sysmon directory (ArchiveDirectory) and escalate to SYSTEM by r...
CVE-2022-44704
CVE-2022-44704 is a Windows Sysmon (Sysinternals) vulnerability. The root cause is a bug in Sysmon’s ClipboardChange handling via RPC, enabling a user to escalate privileges on the local system. Multiple sources describe it as an elevation of privilege flaw in Sysmon, with PoCs and public advisor...