[FD] CVE-2019-12750 - Exploitation Write-ups

2019-12-13 Thread Kyriakos Economou
-privilege-escalation-part-2/ Cheers, @kyREcon Kyriakos Economou Senior Vulnerability Researcher T: 0345 520 0085 E: kecono...@nettitude.com UK: 1 Jephson Court, Tancred Cl, Leamington Spa, CV31 3RZ

[FD] CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution

2018-10-23 Thread Kyriakos Economou
We recently identified a vulnerability in the digitally signed Bitdefender GravityZone installer. The vulnerability allows an attacker to execute malicious code without breaking the original digital signature, and without embedding anything malicious into the installer itself. This means

[FD] Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.

2018-07-06 Thread Kyriakos Economou
We have recently disclosed a list of vulnerabilities to Sophos that allow local attackers to elevate their privileges and execute code in the security context of the SYSTEM user account. Affected Products: SafeGuard Enterprise 8.00.4 and earlier (Fix: install 8.00.5) SafeGuard Easy 7.00.2.35

[FD] Symantec Encryption Desktop & Endpoint Encryption Local Privilege Escalation - Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS

2017-12-01 Thread Kyriakos Economou
Note: These vulnerabilities remain unpatched at the point of publication. We have been working with Symantec to try and help them to fix this since our initial private disclosure in July 2017 (full timeline at the end of this article), however no patch has yet been released. Consequently, we

[FD] nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect

2017-04-21 Thread Kyriakos Economou
TL;DR: Abusing enabled token privileges through a kernel exploit to gain EoP won’t be enough anymore, as from NT kernel version 10.0.15063 they are ‘checked’ against the privileges present in the token of the calling process. So you will need two writes. URL:

[FD] NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers

2016-02-04 Thread Kyriakos Economou
NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers ABSTRACT The Network Driver Interface Specification (NDIS) [11] provides a programming interface specification that facilitates from the network driver architecture perspective the communication between a protocol

[FD] McAfee File Lock Driver - Kernel Stack Based BOF

2016-01-27 Thread Kyriakos Economou
* CVE: CVE-2015-8773 * Vendor: McAfee - Intel Security * Reported by: Kyriakos Economou * Date of Release: 26/01/2016 * Date of Fix: N/A * Affected Products: Multiple * Affected Version: McPvDrv.sys v4.6.111.0 * Fixed Version: N/A Description: McAfee File Lock Driver does not handle correctly

[FD] McAfee File Lock Driver - Kernel Memory Leak

2016-01-27 Thread Kyriakos Economou
* CVE: CVE-2015-8772 * Vendor: McAfee - Intel Security * Reported by: Kyriakos Economou * Date of Release: 26/01/2016 * Date of Fix: N/A * Affected Products: Multiple * Affected Version: McPvDrv.sys v4.6.111.0 * Fixed Version: N/A Description: McAfee File Lock Driver does not handle correctly

[FD] CVE-2015-1438 – Panda Security Multiple Products Arbitrary Code Execution

2015-07-10 Thread Kyriakos Economou
CVE: CVE-2015-1438 Vendor: Panda Security Product: Multiple Products Affected version: 1.0.0.13 (PSKMAD.sys driver version) Fixed version: 15.1.0 (Products Version) Reported by: Kyriakos Economou Details: Panda Kernel Memory Access Driver doesn’t validate the size of data to be copied