This module exploits a vulnerability in Sparklabs Viscosity. By abusing a configuration channel between the application and the underlying service, an attacker can trigger the loading of a DLL from a path under his control, gaining SYSTEM privileges.
This module exploits a vulnerability in the IRemUnknown2 COM interface. An attacker can abuse the fact that the local unmarshaled proxy can be for a different interface from the one requested by QueryInterface, resulting in a type confusion that can be leveraged to elevate privileges.
This module exploits a race condition vulnerability in the Linux Kernel via AF_PACKET sockets.
The CG6Service Service has the SetPeLauncherState method, which allows a user to launch a debugger automatically for a given process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process.
This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger an arbitrary kernel write, resulting in elevated privileges.
Samsung Security Manager is prone to a privilege-escalation vulnerability that affects the Apache Felix Gogo runtime. Due to an insecure default installation of the runtime, an attacker can send commands that will be executed by the runtime. This module uses this vulnerability to inject an agent into the lsass.exe process.
This module exploits a vulnerability in Rivatuner's core (Rivatuner*.sys, RTCore*.sys), a driver used by the hardware tweaking apps Rivatuner, MSI Afterburner, EVGA Precision X (and possibly others). During app operation, the driver is loaded and used to read and write physical memory, MSR registers, I/O ports, etc. This module abuses said functionality to escalate privileges.
This module exploits a race condition vulnerability in the Linux Kernel via MAP_PRIVATE COW. The bug lies in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
The vulnerability resides in the parsing of crafted PowerPoint documents and produces a stack buffer overflow. This module was tested on the Symantec Endpoint Manager version 12.1.4013.4013. Other versions may be vulnerable too.