The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via MmMapIoSpace().
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
This module exploits the mechanism used by .NET Framework to activate COM objects and installs an agent with SYSTEM privileges.
A Race Condition bug exists in SearchIndexer.exe, and can be triggered by the access to a shared variable between two different methods of the same instance.
The ene.sys driver before v1.00.17 in Trident Z Lighting Control exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges.
The BITS service exposes functionality that allows low-privileged users to write arbitrary files and elevate system privileges.
The update functionality of the Cisco AnyConnect Secure Mobility Client for Windows is affected by a path traversal vulnerability that allows local attackers to create/overwrite files on arbitrary locations and gain system privileges with an uncontolled serach path vulnerability.
The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via MmMapLockedPages and MmBuildMdlForNonPagedPool.