CVE-2024-5102 – Elevation of Privilege via symlinked file in Avast Antivirus
https://notcve.org/view.php?id=CVE-2024-5102
A symlinked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow a user to elevate privileges to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an elevation of privilege by winning a race condition, which will re-create the system files and make Windows call back to a specially crafted file that could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2.
• https://support.norton.com/sp/static/external/tools/security-advisories.html
• CWE-59: Improper Link Resolution Before File Access ('Link Following'); CWE-1284: Improper Validation of Specified Quantity in Input
CVE-2024-30051 – Microsoft DWM Core Library Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30051
Windows DWM Core Library Elevation of Privilege Vulnerability. Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
• https://github.com/fortra/CVE-2024-30051
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
• CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write
CVE-2024-30049 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30049
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability.
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30049
• CWE-416: Use After Free
CVE-2024-30040 – Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-30040
Windows MSHTML Platform Security Feature Bypass Vulnerability. Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
• CWE-20: Improper Input Validation
CVE-2024-30039 – Windows Remote Access Connection Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30039
Windows Remote Access Connection Manager Information Disclosure Vulnerability.
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30039
• CWE-126: Buffer Over-read