Page 32 of 213 results (0.054 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? ... El método IsDriveLetterAvailable en Driver/Ntdriver.c en TrueCrypt 7.0, Veracrypt en versiones anteriores a la 1.15 y CipherShed, cuando se ejecuta en Windows, no valida correctamente los enlaces simbólicos de las letras de las unidades de disco, lo que permite a los usuarios locales montar un volumen cifrado en una letra de unidad existente y obtener privilegios mediante una entrada en el directorio /GLOBAL??. The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by abusing the drive letter symbolic link creation facilities to remap the main system drive. • https://www.exploit-db.com/exploits/38403 http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html http://www.openwall.com/lists/oss-security/2015/09/22/7 http://www.openwall.com/lists/oss-security/2015/09/24/3 https://code.google.com/p/google-security-research/issues/detail? • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability." Vulnerabilidad en Adobe Type Manager Library en Microsoft Windows 10, permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Font Driver Elevation of Privilege Vulnerability.' • https://www.exploit-db.com/exploits/38198 http://www.securityfocus.com/bid/76592 http://www.securitytracker.com/id/1033485 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 12%CPEs: 12EXPL: 1

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512. Vulnerabilidad en Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10, permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Font Driver Elevation of Privilege Vulnerability,' una vulnerabilidad diferente a CVE-2015-2512. The Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts. • https://www.exploit-db.com/exploits/38279 http://www.securityfocus.com/bid/76591 http://www.securitytracker.com/id/1033485 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 1%CPEs: 12EXPL: 1

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2517, CVE-2015-2518, and CVE-2015-2546. Vulnerabilidad en el controlador kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold and 8.1 y Windows 10, permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Win32k Memory Corruption Elevation of Privilege Vulnerability,' una vulnerabilidad diferente a CVE-2015-2517, CVE-2015-2518 y CVE-2015-2546. The Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability. • https://www.exploit-db.com/exploits/38276 http://www.securityfocus.com/bid/76597 http://www.securitytracker.com/id/1033485 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 12%CPEs: 12EXPL: 2

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2507. Vulnerabilidad en Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10, permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Font Driver Elevation of Privilege Vulnerability,' una vulnerabilidad diferente a CVE-2015-2507. The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt. • https://www.exploit-db.com/exploits/38307 https://www.exploit-db.com/exploits/38280 http://www.securityfocus.com/bid/76589 http://www.securitytracker.com/id/1033485 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097 • CWE-264: Permissions, Privileges, and Access Controls •