19 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versión 6.0.2092 y anteriores, es vulnerable a una vulnerabilidad de secuestro/proxy de DLL que, si se explota, podría permitir a un atacante hacerse pasar por una librería y modificarla para ejecutar código en el sistema y, en última instancia, escalar privilegios en un sistema afectado. • https://helpcenter.trendmicro.com/en-us/article/tmka-12134 https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132 https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1 • CWE-427: Uncontrolled Search Path Element •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code outside the sandbox at medium integrity. • https://www.zerodayinitiative.com/advisories/ZDI-23-1474 • CWE-863: Incorrect Authorization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. By creating a symbolic link, an attacker can abuse the service to create arbitrary namespace objects. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1475 • CWE-706: Use of Incorrectly-Resolved Name or Reference •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. Múltiples vulnerabilidades de secuestro de DLL por medio de los componentes instup.exe y wsc_proxy.exe en Avast Premium Security versiones anteriores a v21.11.2500, permite a atacantes ejecutar código arbitrario o causar una Denegación de Servicio (DoS) por medio de un archivo DLL diseñado • https://forum.avast.com/index.php?topic=318305.0 https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST2 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. Una vulnerabilidad de escritura de archivos arbitrarios en Avast Premium Security versiones anteriores a 21.11.2500 (compilación 21.11.6809.528) permite a atacantes causar una Denegación de Servicio (DoS) por medio de un archivo DLL diseñado • https://forum.avast.com/index.php?topic=317641.0 https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1 • CWE-426: Untrusted Search Path •