CVE-2023-29360

Published: 14/06/2023 Updated: 04/03/2024
CVSS v3 Base Score: 8.4 | Impact Score: 5.9 | Exploitability Score: 2.5
VMScore: 0

Vulnerability Summary

This vulnerability allows local malicious users to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the mskssrv driver. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Vulnerable Product

microsoft windows 11 21h2

microsoft windows 11 22h2

microsoft windows 10 1809

microsoft windows 10 1607

microsoft windows 10 21h2

microsoft windows 10 22h2

microsoft windows server 2022

microsoft windows server 2019

microsoft windows server 2016

Github Repositories

CVEFeed.io: The Ultimate Hub for Vulnerability Insights and Intelligence

cvefeedio: Your Go-To Place for Finding Out About Security Feed and Intelligence. I'm always on the lookout for the newest information on security problems. I've searched high and low, from Twitter to RSS feeds, but was surprised there wasn't a single place that had all the info I needed. Example CVE detail page: CVE-2024-21762 Example Produc

Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver

PoC for CVE-2023-29360. Exploit targeting MSKSSRV.SYS driver. Note: If you have any cool tricks & tips that will make this exploit better, I'm open to any suggestions :) Credits: Thomas Imbert (@masthoon) from Synacktiv (@Synacktiv)

Recent Articles

CISA warns of Microsoft Streaming bug exploited in malware attacks
BleepingComputer • Sergiu Gatlan • 01 Mar 2024

CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. The security flaw (tracked as CVE-2023-29360) is due to an untrusted pointer dereference weakness that enables local attackers to gain SYSTEM privileges in low-comple...

Raspberry Robin devs are buying exploits for faster attacks
The Register

One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever

Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to the group – most likely the latter. That's according to Check Point Research (CPR) which has tracked how long it takes for vulnerability exploits to be added as features to the malware. In 2022, Raspberry Robin added exploits for vulnerabilities th...