Kernel Streaming Service Driver Elevation of Privilege Vulnerability
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
PowerShell Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations.
An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This impacts DLO server and client installations.
Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function.
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there.
Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Azure Monitor Agent Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.
Secure Boot Security Feature Bypass Vulnerability
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
Microsoft Office Elevation of Privilege Vulnerability
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.
Windows Update Stack Elevation of Privilege Vulnerability
Windows NT OS Kernel Elevation of Privilege Vulnerability
Sysinternals PsExec Elevation of Privilege Vulnerability
An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.
<p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.</p> <p>To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.</p>
Windows Remote Access Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.</p>
Windows Remote Access Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows Event System handles objects in memory.</p>
Azure Sphere Elevation of Privilege Vulnerability
Azure Sphere Tampering Vulnerability
Windows Backup Engine Elevation of Privilege Vulnerability
Windows Remote Access Elevation of Privilege Vulnerability
Windows Kernel Local Elevation of Privilege Vulnerability
<p>A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.</p> <p>An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.</p> <p>The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.</p>
Azure Sphere Unsigned Code Execution Vulnerability