CVE-2016-7225 – Microsoft Windows - VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation (MS16-138)
https://notcve.org/view.php?id=CVE-2016-7225
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
• https://www.exploit-db.com/exploits/40764 http://www.securityfocus.com/bid/94016 http://www.securitytracker.com/id/1037248 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138
• CWE-284: Improper Access Control
CVE-2016-7224 – Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)
https://notcve.org/view.php?id=CVE-2016-7224
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." The VHDMP driver does not open physical disk drives securely when creating a new VHD, leading to information disclosure and elevation of privilege by allowing a user to access data they should not have access to.
• https://www.exploit-db.com/exploits/40765 http://www.securityfocus.com/bid/94017 http://www.securitytracker.com/id/1037248 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138
• CWE-284: Improper Access Control
CVE-2016-7226 – Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138)
https://notcve.org/view.php?id=CVE-2016-7226
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." The VHDMP driver does not safely create files related to Resilient Change Tracking, which leads to arbitrary file overwrites under user control and, in turn, to elevation of privilege.
• https://www.exploit-db.com/exploits/40763 http://www.securityfocus.com/bid/94018 http://www.securitytracker.com/id/1037248 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138
• CWE-284: Improper Access Control
CVE-2016-7255 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-7255
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135. The Microsoft Win32k kernel-mode driver fails to properly handle objects in memory, which allows for privilege escalation.
• https://www.exploit-db.com/exploits/40745 https://www.exploit-db.com/exploits/41015 https://www.exploit-db.com/exploits/40823 https://github.com/FSecureLABS/CVE-2016-7255 https://github.com/heh3/CVE-2016-7255 https://github.com/homjxi0e/CVE-2016-7255 https://github.com/yuvatia/page-table-exploitation https://github.com/bbolmin/cve-2016-7255_x86_x64 http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild http://pack
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-8807 – NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9
https://notcve.org/view.php?id=CVE-2016-8807
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9, where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a stack buffer overflow and leading to denial of service or potential escalation of privileges.
• https://www.exploit-db.com/exploits/40668 http://nvidia.custhelp.com/app/answers/detail/a_id/4247 http://www.securityfocus.com/bid/94002 https://support.lenovo.com/us/en/solutions/LEN-10822
• CWE-264: Permissions, Privileges, and Access Controls