Malwarebytes is prone to an arbitrary file deletion (usage of DeleteFileW by MBAMService.exe) running as SYSTEM. This process can be manipulated from a non-admin user because it fails to properly filter the user supplied input while scanning a file, this vulnerability leads to a privilege escalation. This exploit was tested on Windows 10 Pro version 22H2 (OS Build 19045.4412). Versions 19 and below are affected.
eca87917d810bdde90422062bea7bd5546bee077531f56dba38a618f2f1d6611Razer Synapse Service version 1.0.0 suffers from a DLL injection vulnerability that can escalate privileges to SYSTEM.
495359aea72909f15906270788c6b74cd49fa920f716256f202875b418a86cf3Ivanti Workspace Manager versions prior to 10.3.90 suffer from a bypass vulnerability.
d5a5d5763c494f264bad3c58327b4e873bfe30a582df25931163b631bce663baNetperf version 2.6.0 suffers from a stack-based buffer overflow.
dda908bfae1b3f1d72e4d16cda8f1cd72e913a9911960df08f53b6013a26a0f1WhatsApp version 2.18.61 suffers from a memory corruption vulnerability.
05f98770c14444ad83cddd23fdf265911dab07c1540b1184699a7badf9180432SIPP version 3.3 is prone to a local unauthenticated stack-based overflow vulnerability.
f9a8a2ae3dd3fabf0391c08cc0e25a4650275a9a381a853ab709bfb0a1911291Linkedin mobile iOS application version 9.11.8592.4 suffers from a CPU resource exhaustion vulnerability.
37fbd701edef30bae893062e35a07dcacdae7ad07a66bc9892f2375bd40db3a7WhatsApp version 2.18.31 on iOS suffers from a remote memory corruption vulnerability.
ff92e1c85fb8bd8ac7902fd96cddf503538f3176b7b042ad1dbbfe8fb8038ef6PMS version 0.42 suffers from a buffer overflow vulnerability.
3c10668d26f85f6269d8af46ac25fa32a6808b8ab80409a57cd778bf9df55a98Crashmail version 1.6 suffers from a buffer overflow vulnerability.
72b5c7d1b766f470a4442575cddacd62886be8f487d3aa3e49019afcfcf0323cSC version 7.16 suffers from a stack-based buffer overflow vulnerability.
40e606ae5848c8a18afcea6e187fa8b744256b579867bdeaeb23ecddd85f175dEChat Server version 3.1 suffers from a buffer overflow vulnerability in CHAT.ghp.
74be6f47092a3059526e778c79f81553fcaa34418b20c48a8eace6c18e743119Asterisk version 13.17.2 chan_skinny remote memory corruption exploit.
d2db182d69faada1486fac6510d54d5e42a8c8a40f7a76e7cc6eded032d6743aBOCHS version 2.6-5 suffers from a local buffer overflow vulnerability.
3c3447ca69839ae3d2695c66f85d482432a3d8c25f093d5c311d016a03b6693cAsterisk Project Security Advisory - If the chan_skinny (AKA SCCP protocol) channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind.
6c078a611791f3370bae6360f94dc066396a952b66d50dee0290bc8009744060Asterisk version 13.17.2~dfsg-2 suffers from a remote unauthenticated memory exhaustion vulnerability.
99d7d993e299b93cfe3175432dc128f681f04cd24bad4088cf2c8831bddb04c6WhatsApp versions 2.17.52 and below suffer from a memory corruption vulnerability that can result in a denial of service.
938e528baacd94eea2f9b0cdc6f120abd8230c01d83a66a10d0b34e7c45314cdMAWK versions 1.3.3-17 and below are susceptible to a stack-based buffer overflow vulnerability.
8ae22f24c6687d7f34733d9e6e83cb7ac1404a6bfaedd4166e57d39f5962fe1dFASM (Flat Assembler) versions 1.7.21 and below suffer from a buffer overflow vulnerability.
f477943c08d29991c9de67f7ad83d2d89a6a334b0cf9fef4181782e4bb3f8ccbThis exploit leverages an MTA handler remote code execution vulnerability in Microsoft Word.
65b89848eff3dfa0514bb59a5330c3a17145a3d071de4db54112a08e95e91b96JAD version 1.5.8e-1kali1 suffers from a buffer overflow vulnerability.
802114a05907d65bb9ed538820a7f40a9bb461fc90ea763cdd2ae06a674e7c36Mapscrn version 2.0.3 suffers from stack-based buffer overflow vulnerability.
68ffed8979f2c5e90738c9ed6181d05d311fe275bfddd5e2c247b5a16958f26aTiEmu versions 2.08 and below suffer from a stack-based buffer overflow vulnerability.
d7f63f6b109c64688cd679a3e23d920c4c59ac4ddeda65c96a0c42ccd281e329JAD Java Decompiler version 1.5.8e suffers from a local buffer overflow vulnerability.
1f4316b80457aecc9ab1d4b63dda9a18973e331e719518b4ab41a40f4dcfe2b4SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. This exploit leverages this vulnerability as described in MS17-010.
a8aa061521a024a2681c43faf9e0f6857ab4aabefda62ecf82da7a024aea3165
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed