Gandalf_The_Grey
Discoveries
As a result of the work shown in this blog series, we have discovered and disclosed the following vulnerabilities that have now been patched:
CVE-2024-3037, PaperCut NG web-print-hot-folder Link Following Local Privilege Escalation Vulnerability
CVE-2024-4454, WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
CVE-2024-2003, ESET Smart Security Premium Link Following Local Privilege Escalation Vulnerability
CVE-2024-0353, ESET Smart Security Premium ekrn Link Following Local Privilege Escalation Vulnerability
CVE-2024-3037, PaperCut NG pc-web-print Link Following Local Privilege Escalation Vulnerability
Conclusion
The 14 vulnerabilities below are being released as zero-day vulnerabilities because they remain unpatched.
ZDI-CAN-22238: (0day) VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-22260: (0day) AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-22272: (0day) Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-22803: (0day) AVG AntiVirus Free Link Following Denial-of-Service Vulnerability
ZDI-CAN-22806: (0day) Avast Free Antivirus Link Following Denial-of-Service Vulnerability
ZDI-CAN-22942: (0day) AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
ZDI-CAN-22960: (0day) AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-22963: (0day) Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-23005: (0day) F-Secure Total Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-23375: (0day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-23402: (0day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-23413: (0day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-23428: (0day) Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability
ZDI-CAN-23429: (0day) Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability
As mentioned previously, we fear that there may be several other vendors whose products are currently vulnerable, but because their products are paywalled, we were not able to test them. We hope the techniques and cases presented in this blog series have inspired you to explore and identify vulnerabilities that you can submit to the ZDI program.
This blog post consists of three parts:
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1
The number of link following vulnerabilities submitted to the Trend Micro ZDI program has been increasing rapidly over the past several years. These submissions have provided us with insight into how these vulnerabilities are being found and exploited. In years prior we were seeing a lot of low-h
www.zerodayinitiative.com
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2
The number of vulnerabilities that we see through the program provides significant insight into the attack surfaces of each product that we purchase bugs in. These submissions sometimes reveal not only potential variants but also broader architectural flaws. Submitters frequently choose to provide a
www.zerodayinitiative.com
Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3
To wrap up this blog series we wanted to include one more technique that you can use when exploiting this class of vulnerabilities. This technique, introduced to us by Abdelhamid Naceri, becomes useful when you have an on-boot arbitrary delete primitive that you want to transform into an on-demand d
www.zerodayinitiative.com