CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30138 – Windows Print Spooler Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-30138
Windows Print Spooler Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Print Spooler. Este ID de CVE es diferente de CVE-2022-29104, CVE-2022-29132 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Print Spooler service. By creating a symbolic link, an attacker can cause the service to load an arbitrary DLL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30138 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 6CVE-2022-29072
https://notcve.org/view.php?id=CVE-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur **EN DISPUTA** 7-Zip hasta la versión 21.07 en Windows permite la escalada de privilegios y la ejecución de comandos cuando se arrastra un archivo con la extensión .7z al área de Ayuda>Contenido. Esto es causado por una mala configuración de 7z.dll y un desbordamiento de la pila. • https://github.com/kagancapar/CVE-2022-29072 https://github.com/tiktb8/CVE-2022-29072 https://github.com/sentinelblue/CVE-2022-29072 https://github.com/rasan2001/CVE-2022-29072 http://packetstormsecurity.com/files/166763/7-Zip-21.07-Code-Execution-Privilege-Escalation.html https://news.ycombinator.com/item?id=31070256 https://sourceforge.net/p/sevenzip/bugs/2337 https://www.youtube.com/watch?v=sT1cvbu7ZTA • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 0CVE-2022-26919 – Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26919
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Windows LDAP • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26919 •
CVSS: 7.8EPSS: 23%CPEs: 20EXPL: 0CVE-2022-26918 – Windows Fax Compose Form Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26918
Windows Fax Compose Form Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Windows Fax Compose Form. Este ID de CVE es diferente de CVE-2022-26916, CVE-2022-26917 • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26918 •
CVSS: 7.8EPSS: 23%CPEs: 20EXPL: 0CVE-2022-26917 – Windows Fax Compose Form Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26917
Windows Fax Compose Form Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Windows Fax Compose Form. Este ID de CVE es diferente de CVE-2022-26916, CVE-2022-26918 • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26917 •