An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Local DCOM DCE/RPC connections can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for LocalSystem user which can be replayed to the local DCOM activation service. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. In order to successfully exploit this vulnerability, the source agent must be running in the context of a Windows service application, as the module require special permissions to create a new agent with elevated privileges.
This module exploits a vulnerability in snapd which incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
An arbitrary memory r/w access issue was found in the Linux kernel compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by user supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to bpf(2) call.
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from ioctl 0x00226003.
This module exploits a vulnerability in various GIGABYTE and AORUS branded utilities. The low level access drivers at the core of these utilities expose dangerous functionality to low privilege processes, a local attacker can read/write arbitrary kernel memory, which can be leveraged to elevate privileges.
This module exploits an uninitialised stack variable vulnerability in "Fortishield.sys" by calling to DeviceIoControl function using IOCTL 0x220028 and 0x22608C with crafted parameters.
The vulnerability was a buffer overflow in Dokany kernel mode file system driver used by Google.