This module exploits a vulnerability in snapd which incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket.

A local attacker could use this to access privileged socket APIs and obtain administrator privileges.

This update adds an exploit which implements the Rotten Potato technique to perform a Local Privilege Escalation.



It leverages on local DCOM DCE/RPC connections that can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for LocalSystem user which can be replayed to the local DCOM activation service. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.

This module exploits a vulnerability in various ASUS and 3rd party branded utilities. The low level access drivers at the core of these utilities expose dangerous functionality to low privilege processes, a local attacker can read/write arbitrary kernel memory, which can be leveraged to elevate privileges.

This module exploits a vulnerability in various GIGABYTE and AORUS branded utilities. The low level access drivers at the core of these utilities expose dangerous functionality to low privilege processes, a local attacker can read/write arbitrary kernel memory, which can be leveraged to elevate privileges.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges.

In VirIT eXplorer Anti-Virus, the VIAGLT64.SYS driver file contains an Arbitrary Write vulnerability, and can be exploited to elevate privileges from a local account to SYSTEM.

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges.

This module exploits a vulnerability in various ASROCK utilities. The low level access drivers at the core of these utilities expose dangerous functionality to low privilege processes, a local attacker can read/write arbitrary kernel memory, which can be leveraged to elevate privileges.