Posts Tagged ‘bypass’

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection […]


Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass

The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard). Source: Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass


Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way “WinSxS” works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead […]


Microsoft Office 2007 Groove Security Bypass / Code Execution

Microsoft Office 2007 Groove contains a security bypass issue regarding ‘Workspace Shortcut’ files (.GLK) because it allows arbitrary (registered) URL Protocols to be passed, when only ‘grooveTelespace://’ URLs should be allowed, which allows execution of arbitrary code upon opening a ‘GLK’ file. Source: Microsoft Office 2007 Groove Security Bypass / Code Execution