CVE-2017-8487 – Microsoft Windows - 'IOCTL 0x390400, operation code 0x00020000' Kernel KsecDD Pool Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8487
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program, aka "Windows olecnv32.dll Remote Code Execution Vulnerability." • https://www.exploit-db.com/exploits/42211 http://www.securityfocus.com/bid/99013 http://www.securitytracker.com/id/1038702 https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003
CVE-2015-1305 – McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1305
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. McAfee Data Loss Prevention Endpoint version 9.3.200.23 suffers from an arbitrary write privilege escalation vulnerability. • https://www.exploit-db.com/exploits/35953 http://packetstormsecurity.com/files/130177/McAfee-Data-Loss-Prevention-Endpoint-Privilege-Escalation.html http://www.exploit-db.com/exploits/35953 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/show/osvdb/117345 https://exchange.xforce.ibmcloud.com/vulnerabilities/100602 https://kc.mcafee.com/corporate/index?page=content&id=SB10097 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-7286 – Symantec Altiris Agent 6.9 (Build 648) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-7286
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. • https://www.exploit-db.com/exploits/35964 http://www.securityfocus.com/bid/71727 http://www.securitytracker.com/id/1031421 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-4971 – Microsoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4971
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem. • https://www.exploit-db.com/exploits/34131 https://www.exploit-db.com/exploits/34112 https://www.exploit-db.com/exploits/34982 https://www.exploit-db.com/exploits/34167 http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html • CWE-20: Improper Input Validation
CVE-2014-1776 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1776
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." • http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx http://secunia.com/advisories/57908 http://securitytracker.com/id?1030154 http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html http://www.kb.cert.org/vuls/id/222929 http://www.osvdb.org/106311 http://www.securityfocus.com/bid/67075 http://www.signalsec.com/cve-20 • CWE-416: Use After Free