VBA RunPE - Breaking Out of Highly Constrained Desktop Environments - Part 1/2

In this post, I’d like to share a technique that I often use to break out of highly constrained desktop environments such as CItrix. The only prerequisite is to have access to Microsoft Word or Exc...

Dec 12, 2018 Defense Evasion

CVE-2019-19544 - CA Dollar Universe 5.3.3 'uxdqmsrv' - Privilege Escalation via a Vulnerable SUID Binary

A vulnerability was discovered in the uxdqmsrv binary. It consists in an arbitrary file write as root that can be leveraged by any local user to gain full root privileges on the host (UNIX/Linux on...

Sep 3, 2018 Privilege Escalation

CVE-2017-13130 - BMC Patrol 'mcmnm' - Privilege Escalation via a Vulnerable SUID Binary

A vulnerability was discovered in the mcmnm binary. It is compiled with a RPATH starting with .:. Therefore, any user can craft a malicious library (e.g.: libmcmclnx.so) and then run mcmnm from the...

Jun 6, 2018 Privilege Escalation

VBA RunPE - Breaking Out of Highly Constrained Desktop Environments - Part 1/2

CVE-2019-19544 - CA Dollar Universe 5.3.3 'uxdqmsrv' - Privilege Escalation via a Vulnerable SUID Binary

CVE-2017-13130 - BMC Patrol 'mcmnm' - Privilege Escalation via a Vulnerable SUID Binary

Trending Tags