The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via MmMapIoSpace().
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
This module exploits the mechanism used by .NET Framework to activate COM objects and installs an agent with SYSTEM privileges.
This module exploits an OS command injection vulnerability in Pydio Cells. The lack of sanitisation for the input of the mailer configuration could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.
Open-AudIT is vulnerable to an authenticated php file upload, allowing attackers to execute arbitrary php code in the system.
The 'recentVersion' explude_ip parameter in the discoveries endpoint is vulnerable to OS Command Injection, this module exploits this vulneravility in order to install an agent
This module uses an unauthenticated java deserialization vulnerability via JSONWS in Liferay Portal to upload and execute a java class file to gain arbitrary code execution on the affected system.