This module exploits the mechanism used by .NET Framework to activate COM objects and installs an agent with SYSTEM privileges.
A Race Condition bug exists in SearchIndexer.exe, and can be triggered by the access to a shared variable between two different methods of the same instance.
The ene.sys driver before v1.00.17 in Trident Z Lighting Control exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges.
The BITS service exposes functionality that allows low-privileged users to write arbitrary files and elevate system privileges.
The update functionality of the Cisco AnyConnect Secure Mobility Client for Windows is affected by a path traversal vulnerability that allows local attackers to create/overwrite files on arbitrary locations and gain system privileges with an uncontolled serach path vulnerability.
The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via MmMapLockedPages and MmBuildMdlForNonPagedPool.
This can be exploited to execute arbitrary code with System privileges. It is working until KB4497727 and KB4495666 for Windows 10 x64 v1903
The vulnerability was a buffer overflow in Viper RGB driver.
The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'