ZDI-24-363: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability | allinfosecnews.com

April 9, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26158.

attacker attackers code cves cvss escalation exploit installer link local local privilege escalation low microsoft microsoft windows order privilege privileged privilege escalation privileges rating service system target vulnerability windows zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-469: Avira Prime Link Following Local Privilege Escalation Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

attacker attackers avira code +20

ZDI-24-468: Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +16

ZDI-24-467: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attack attackers attack vectors +21

ZDI-24-466: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-465: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-464: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-463: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-462: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-461: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 1 hour ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com