Autor: Peter Leibling

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements used in an sql command (’sql injection‘) in SQL Server allows an authorized attacker to elevate privileges locally.

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.

Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.