Windows | Core Security

An elevation of privilege vulnerability exists when MSI packages process symbolic links.

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting unprotected COM calls.

The CorsairLLAccess64.sys driver before 3.25.60 in CORSAIR iCUE exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges.

This module uses ioctls to Read/Write to/from IO Ports and generate a reboot

This module triggers a memory corruption vulnerability in the Remote Desktop Service by sending a malformed packet.

Delta Automation CNCSoft Screen Editor is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .DPB document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

This module exploits an OS command injection vulnerability in Apache Solr, via the Velocity Template.

Tenable found an unauthenticated remote code execution vulnerability in the SolarWinds Dameware Remote Mini Remote Client Agent Service (DWRCS.exe) version 12.1.0.89.

This module triggers a use after free vulnerability in the Remote Desktop Service by sending a malformed packet.

Subscribe to Windows

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum