all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-294: Microsoft Office Performance Monitor Link Following Local Privilege Escalation Vulnerability

Add to bookmarks
March 13, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26199.

attacker attackers code cves cvss escalation exploit link local local privilege escalation low microsoft microsoft office monitor office order performance privilege privileged privilege escalation privileges rating system target vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-557: Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-556: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-555: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
attackers cvss disclosure exploit +16
ZDI-24-529: (Pwn2Own) VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
attacker attackers code cves +22
ZDI-24-528: (Pwn2Own) VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
attacker attackers code cvss +21
ZDI-24-527: (Pwn2Own) [Collision] VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
attacker attackers code collision +24
ZDI-24-554: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-553: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-552: Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
attackers cvss disclosure exploit +15

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com