HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

Home

  • CVE-2019-3585 - McAfee - Improper Privilege Management

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.


  • Windows 7 ESU Patching Changelog

    Update 2024-10-11

    • Replaced September 2024 Monthly Update (KB5043129) with October 2024 Monthly Update (KB5044356).
    • Replaced August 2024 .NET Framework 3.5.1 Update (KB5041942) with October 2024 .NET Framework 3.5.1 Update (KB5044011).
    • Replaced August 2024 .NET Framework 4.8 Update (KB5041954) with October 2024 .NET Framework 4.8 Update (KB5044027).
    • Updated Microsoft Time Stamp Root Certificate Authority 2014.crl.
    • Updated Microsoft ECC Root Certificate Authority 2017.crl.

  • CVE-2020-11443 - Zoom - Incorrect Permission Assignment for Critical Resource

    The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files otherwise not deletable by the user.


  • CVE-2020-7274 - McAfee - Improper Privilege Management

    Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges.


  • CVE-2020-7255 - McAfee - Improper Privilege Management

    Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via a configuration error.



     Page: 12 of 13     
buy me a coffee