-privilege-escalation-part-2/
Cheers,
@kyREcon
Kyriakos Economou
Senior Vulnerability Researcher
T: 0345 520 0085
E: kecono...@nettitude.com
UK: 1 Jephson Court, Tancred Cl, Leamington Spa, CV31 3RZ
We recently identified a vulnerability in the digitally signed
Bitdefender GravityZone installer.
The vulnerability allows an attacker to execute malicious code without
breaking the original digital signature, and without embedding anything
malicious into the installer itself.
This means
We have recently disclosed a list of vulnerabilities to Sophos that
allow local attackers to elevate their privileges and execute code in
the security context of the SYSTEM user account.
Affected Products:
SafeGuard Enterprise 8.00.4 and earlier (Fix: install 8.00.5)
SafeGuard Easy 7.00.2.35
Note: These vulnerabilities remain unpatched at the point of
publication. We have been working with Symantec to try and help them to
fix this since our initial private disclosure in July 2017 (full
timeline at the end of this article), however no patch has yet been
released. Consequently, we
TL;DR: Abusing enabled token privileges through a kernel exploit to gain EoP
won’t be enough anymore, as from NT kernel version 10.0.15063 they are ‘checked’
against the privileges present in the token of the calling process. So you will
need two writes.
URL:
NDI5aster – Privilege Escalation through NDIS 5.x Filter Intermediate Drivers
ABSTRACT
The Network Driver Interface Specification (NDIS) [11] provides a
programming interface specification that facilitates from the network
driver architecture perspective the communication between a protocol
* CVE: CVE-2015-8773
* Vendor: McAfee - Intel Security
* Reported by: Kyriakos Economou
* Date of Release: 26/01/2016
* Date of Fix: N/A
* Affected Products: Multiple
* Affected Version: McPvDrv.sys v4.6.111.0
* Fixed Version: N/A
Description:
McAfee File Lock Driver does not handle correctly
* CVE: CVE-2015-8772
* Vendor: McAfee - Intel Security
* Reported by: Kyriakos Economou
* Date of Release: 26/01/2016
* Date of Fix: N/A
* Affected Products: Multiple
* Affected Version: McPvDrv.sys v4.6.111.0
* Fixed Version: N/A
Description:
McAfee File Lock Driver does not handle correctly
* CVE: CVE-2015-8772
* Vendor: McAfee - Intel Security
* Reported by: Kyriakos Economou
* Date of Release: 26/01/2016
* Date of Fix: N/A
* Affected Products: Multiple
* Affected Version: McPvDrv.sys v4.6.111.0
CVE: CVE-2015-1438
Vendor: Panda Security
Product: Multiple Products
Affected version: 1.0.0.13 (PSKMAD.sys driver version)
Fixed version: 15.1.0 (Products Version)
Reported by: Kyriakos Economou
Details:
Panda Kernel Memory Access Driver doesn’t validate the size of data
to be copied
10 matches