ZDI-23-1643: Microsoft Windows win32kfull UMPDDrvStretchBlt Use-After-Free Local Privilege Escalation Vulnerability | allinfosecnews.com

Nov. 15, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-36804.

attacker attackers code cve cves cvss escalation exploit free local local privilege escalation low microsoft microsoft windows order privilege privileged privilege escalation privileges rating system target use-after-free vulnerability windows zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-23-1752: Delta Electronics InfraSuite Device Master UploadMedia Directory Traversal Remote Code Execution Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +17

ZDI-23-1756: Delta Electronics InfraSuite Device Master PlayWaveFile Directory Traversal Information Disclosure Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com

attackers authentication cve cves +18

ZDI-23-1754: Delta Electronics InfraSuite Device Master Device-DataCollect Deserialization of Untrusted Data Remote Code Execution Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +18

ZDI-23-1753: Delta Electronics InfraSuite Device Master Device-Gateway Deserialization of Untrusted Data Remote Code Execution Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +19

ZDI-23-1755: Delta Electronics InfraSuite Device Master RunScript Exposed Dangerous Method Remote Code Execution Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +16

ZDI-23-1733: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code … 4 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers buffer buffer overflow +18

ZDI-23-1734: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code … 4 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers buffer buffer overflow +18

ZDI-23-1732: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code … 4 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers buffer buffer overflow +18

ZDI-23-1729: Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Out-Of-Bounds Write Remote Code Execution … 4 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

Security Specialist

@ Protect Democracy | Remote, US

View on infosec-jobs.com

Cybersecurity Systems Security Engineer II-T

@ ManTech | 809AR - Ft Carson,Colorado Springs,CO

View on infosec-jobs.com

Security Engineer (Supporting NASA at JSC)

@ KBR, Inc. | USA, Houston, 2101 NASA Parkway, Building 21, Texas

View on infosec-jobs.com

Head of Security & IT

@ ORFIUM | Dublin, County Dublin, Ireland

View on infosec-jobs.com

Chief Privacy Officer

@ Nike | Santa Clara,CA

View on infosec-jobs.com

Security Engineer

@ SPINS | Chicago, IL

View on infosec-jobs.com