Autor: Peter Leibling

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.

Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.