CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28267 – Remote Desktop Protocol Client Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28267
Remote Desktop Protocol Client Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has been compromised or otherwise under control of an attacker. The specific flaw exists within the Remote Desktop client. A crafted audio packet can trigger access to memory prior to initialization. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the Remote Desktop client process. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28267 • CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2023-1188 – FabulaTech Webcam for Remote Desktop IoControlCode ftwebcam.sys 0x222018 denial of service
https://notcve.org/view.php?id=CVE-2023-1188
A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is the function 0x222018 in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. • https://drive.google.com/file/d/1_gVQtfbpywhh8Z6g4Y03Qg7UT3Aobz2e/view?usp=sharing https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1188 https://vuldb.com/?ctiid.222360 https://vuldb.com/?id.222360 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1187 – FabulaTech Webcam for Remote Desktop Global Variable ftwebcam.sys denial of service
https://notcve.org/view.php?id=CVE-2023-1187
A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1187 https://vuldb.com/?ctiid.222359 https://vuldb.com/?id.222359 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1186 – FabulaTech Webcam for Remote Desktop IOCTL ftwebcam.sys 0x222018 null pointer dereference
https://notcve.org/view.php?id=CVE-2023-1186
A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1186 https://vuldb.com/?ctiid.222358 https://vuldb.com/?id.222358 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2022-41121 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41121
Windows Graphics Component Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Windows Graphics Component. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the StretchBlt graphics primitive. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121 •