CVSS: 5.5 • EPSS: 1% • CPEs: 12 • EXPL: 2

11 Feb 2015 — The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass in... • https://www.exploit-db.com/exploits/37098 • CWE-310: Cryptographic Issues

CVSS: 5.5 • EPSS: 2% • CPEs: 12 • EXPL: 1

11 Feb 2015 — The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." • https://www.exploit-db.com/exploits/37098 • CWE-19: Data Processing Errors

CVSS: 7.8 • EPSS: 50% • CPEs: 3 • EXPL: 6

11 Nov 2014 — Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys can ... • https://packetstorm.news/files/id/130257 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 1

20 Aug 2014 — The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. ... ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability. • http://seclists.org/fulldisclosure/2014/Aug/52 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 26% • CPEs: 1 • EXPL: 16

21 Jul 2014 — Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem. • https://packetstorm.news/files/id/127618 • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 6% • CPEs: 63 • EXPL: 4

15 Jul 2014 — A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. • https://packetstorm.news/files/id/127474

CVSS: 7.8 • EPSS: 44% • CPEs: 11 • EXPL: 4

08 Jul 2014 — Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." • https://packetstorm.news/files/id/135795 • CWE-415: Double Free

CVSS: 7.8 • EPSS: 4% • CPEs: 11 • EXPL: 5

31 Jul 2013 — The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. • https://www.exploit-db.com/exploits/27191 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 0% • CPEs: 11 • EXPL: 1

31 Jul 2013 — Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. • http://pastebin.com/RcS2Bucg • CWE-189: Numeric Errors

CVSS: 7.8 • EPSS: 5% • CPEs: 2 • EXPL: 2

08 Apr 2013 — The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application. • https://packetstorm.news/files/id/124465 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer