HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

Home

  • CVE-2022-28247

    Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.


  • CVE-2022-24767

    Git for Windows is a fork of Git containing Windows-specific patches. Since part of Git for Windows’ uninstaller is copied into the current user’s temporary directory and run in that place, it is important to ensure that there are no malicious .dll file in that directory that might be loaded as part of loading the executable. However, the default system settings for TMP and TEMP are to point to C:\Windows\Temp, a folder that is world-writable (for historical reasons), and the SYSTEM user account inherits those settings. This means that any authenticated user can place malicious .dll files that are loaded when Git for Windows’ uninstaller is run via the SYSTEM account. Fixes are available in Git for Windows v2.35.2 or newer. Users unable to upgrade may override SYSTEM’s TMP environment variable to point to a directory exclusively under SYSTEM’s control before running the uninstaller, clear C:\Windows\Temp of all .dll files before running the uninstaller, or run the uninstaller under an admin account rather than SYSTEM as a workaround.


  • CVE-2022-22665

    Apple macOS AppKit - A malicious application may be able to gain root privileges.


  • CVE-2022-24525

    Windows Update Stack Elevation of Privilege Vulnerability


  • CVE-2022-26488

    In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.



     Page: 3 of 13     
buy me a coffee