All Vulnerabilities

An arbitrary file overwrite vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to NTPD allowing remote clients to change the pidfile and driftfile configuration options to any arbitrary file, allowing any file on the target system to be overwritten. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation can cause the NTP process to write the drift value or the pid value to an arbitrary file. This can lead to data corruption or denial-of-service on the target system.

An information disclosure vulnerability exists when the ATMFD component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise the affected system.

A memory corruption vulnerability exists when the Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

An Information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

A memory corruption vulnerability was discovered in Microsoft Windows. It can be triggered by loading a malformed blf file. Successful exploitation of this issue might lead to local privilege escalation.

A memory corruption vulnerability was discovered in Microsoft Windows. Successful exploitation of this issue might lead to local privilege escalation.

A memory corruption vulnerability was discovered within the CLFS.SYS component of Microsoft Windows. Successful exploitation of this issue might lead to local privilege escalation.

A memory corruption vulnerability was discovered within the CLFS.SYS component of Microsoft Windows. Successful exploitation of this issue might lead to local privilege escalation.