Windows 漏洞列表
共找到 200 个与 Windows 相关的漏洞
📅 加载漏洞趋势中...
-
Windows NTLMv2-SSP Hash信息泄露漏洞(CVE-2025-50154) 无POC
Windows explorer.exe渲染.LNK快捷方式文件中托管在远程 SMB 服务器上的二进制文件图标时,将下载远程文件,从其RT_GROUP_ICON 和 RT_ICON 资源中提取 PE 图标,从而导致 NTLM 哈希泄露。 -
generic-windows-lfi: Generic Windows based LFI Test POC
Searches for /windows/win.ini on passed URLs -
CVE-2015-1635: Microsoft Windows 'HTTP.sys' - Remote Code Execution POC
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." -
CVE-2017-7269: Windows Server 2003 & IIS 6.0 - Remote Code Execution POC
Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If <http://" in a PROPFIND request. -
openBI /index/screen/dlfile 代码执行漏洞(CVE-2024-1117) 无POC
openBI是一款开源的大数据可视化解决方案。openBI的 /index/screen/dlfile 接口存在代码执行漏洞(CVE-2024-1117)。该漏洞允许攻击者通过构造恶意请求在目标服务器上执行任意代码,可能导致系统被完全控制或敏感数据泄露。漏洞源于文件 /application/index/controller/Screen.php 中的 index 函数未对用户提交的数据进行充分验证,攻击者可利用此缺陷注入并执行恶意命令。 -
Flowise /api/v1/apikey 权限绕过漏洞 (CVE-2024-8181) 无POC
Flowise是一款开源低代码工具,供开发人员构建定制的 LLM 编排流程和 AI 代理。Flowise 1.8.2 版本中存在身份验证绕过漏洞。该漏洞允许未经身份验证的远程攻击者以管理员身份访问 API 端点,并允许他们访问受限功能。 -
Microsoft Windows Standards-Based Storage Management Service 资源管理错误漏洞 无POC
Microsoft Windows Standards-Based Storage Management Service是美国微软(Microsoft)公司的一个基于标准的存储管理服务,它提供了发现、配置和监控存储资源的功能。 Microsoft Windows Standards-Based Storage Management Service存在资源管理错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2025 (Server Core installation),Windows Server 2025,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Digital Media 资源管理错误漏洞 无POC
Microsoft Windows Digital Media是美国微软(Microsoft)公司的一系列用于播放、管理、共享、传输以及保护数字媒体内容的技术与功能的集合。 Microsoft Windows Digital Media存在资源管理错误漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows Subsystem for Linux(WSL) 缓冲区错误漏洞 无POC
Microsoft Windows Subsystem for Linux(WSL)是美国微软(Microsoft)公司的一个Windows下的Linux子系统,一个能够运行原生Linux二进制可执行文件(ELF格式)的兼容层。 Microsoft Windows Subsystem for Linux(WSL)存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems。 -
Microsoft Windows Digital Media 资源管理错误漏洞 无POC
Microsoft Windows Digital Media是美国微软(Microsoft)公司的一系列用于播放、管理、共享、传输以及保护数字媒体内容的技术与功能的集合。 Microsoft Windows Digital Media存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows Server 2025 (Server Core installation)。 -
Microsoft Windows 资源管理错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025,Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems。 -
Microsoft Windows NTFS 访问控制错误漏洞 无POC
Microsoft Windows NTFS是美国微软(Microsoft)公司的一个为计算机文件服务的文件系统。该文件系统具有错误预警功能、磁盘自我修复功能和日志功能。 Microsoft Windows NTFS存在访问控制错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows Server 2025,Windows Server 2025 (Server Core installation)。 -
Microsoft Windows Power Dependency Coordinator 信息泄露漏洞 无POC
Microsoft Windows Power Dependency Coordinator是美国微软(Microsoft)公司的Windows系统中的一个组件,负责协调电源管理相关操作。 Microsoft Windows Power Dependency Coordinator存在信息泄露漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for 32-bit Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems。 -
Microsoft Windows Secure Channel 资源管理错误漏洞 无POC
Microsoft Windows Secure Channel是美国微软(Microsoft)公司的一种安全支持提供程序 (SSP),包含一组安全协议,可通过加密提供身份验证和安全、私密的通信。 Microsoft Windows Secure Channel存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows Digital Media 资源管理错误漏洞 无POC
Microsoft Windows Digital Media是美国微软(Microsoft)公司的一系列用于播放、管理、共享、传输以及保护数字媒体内容的技术与功能的集合。 Microsoft Windows Digital Media存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows Shell 资源管理错误漏洞 无POC
Microsoft Windows Shell是美国微软(Microsoft)公司的Windows操作系统的图形用户界面。Windows shell易于识别的元素包括桌面、任务栏、开始菜单、任务切换器和自动播放等特征。在某些版本的Windows上,还包括Flip 3D和魅力等功能。 Microsoft Windows Shell存在资源管理错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows Secure Channel 资源管理错误漏洞 无POC
Microsoft Windows Secure Channel是美国微软(Microsoft)公司的一种安全支持提供程序 (SSP),包含一组安全协议,可通过加密提供身份验证和安全、私密的通信。 Microsoft Windows Secure Channel存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 11 Version 24H2 for ARM64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems。 -
Microsoft Windows Routing and Remote Access Service 缓冲区错误漏洞 无POC
Microsoft Windows Routing and Remote Access Service是美国微软(Microsoft)公司的一种网络服务,用于实现网络路由、虚拟专用网络(VPN)和拨号连接等功能。 Microsoft Windows Routing and Remote Access Service存在缓冲区错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Installer 后置链接漏洞 无POC
Microsoft Windows Installer是美国微软(Microsoft)公司的Windows 操作系统的一个组件。为安装和卸载软件提供了标准基础。 Microsoft Windows Installer存在后置链接漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems。 -
Microsoft Windows Virtualization-Based Security Enclave 数据伪造问题漏洞 无POC
Microsoft Windows Virtualization-Based Security Enclave(Microsoft Windows VBS Enclave)是美国微软(Microsoft)公司的一种主机应用程序地址空间内基于软件的受信任执行环境。 Microsoft Windows Virtualization-Based Security Enclave(Microsoft Windows VBS Enclave)存在数据伪造问题漏洞。攻击者利用该漏洞可以绕过某些功能。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems。 -
Microsoft Windows NTFS 缓冲区错误漏洞 无POC
Microsoft Windows NTFS是美国微软(Microsoft)公司的一个为计算机文件服务的文件系统。该文件系统具有错误预警功能、磁盘自我修复功能和日志功能。 Microsoft Windows NTFS存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Standards-Based Storage Management Service 资源管理错误漏洞 无POC
Microsoft Windows Standards-Based Storage Management Service是美国微软(Microsoft)公司的一个基于标准的存储管理服务,它提供了发现、配置和监控存储资源的功能。 Microsoft Windows Standards-Based Storage Management Service存在资源管理错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2025 (Server Core installation),Windows Server 2025,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Standards-Based Storage Management Service 资源管理错误漏洞 无POC
Microsoft Windows Standards-Based Storage Management Service是美国微软(Microsoft)公司的一个基于标准的存储管理服务,它提供了发现、配置和监控存储资源的功能。 Microsoft Windows Standards-Based Storage Management Service存在资源管理错误漏洞。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2025 (Server Core installation),Windows Server 2025,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Common Log File System Driver 资源管理错误漏洞 无POC
Microsoft Windows Common Log File System Driver是美国微软(Microsoft)公司的通用日志文件系统 (CLFS) API 提供了一个高性能、通用的日志文件子系统,专用客户端应用程序可以使用该子系统并且多个客户端可以共享以优化日志访问。 Microsoft Windows Common Log File System Driver存在资源管理错误漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Cryptographic Services 资源管理错误漏洞 无POC
Microsoft Windows Cryptographic Services是美国微软(Microsoft)公司的加密服务提供程序。 Microsoft Windows Cryptographic Services存在资源管理错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Standards-Based Storage Management Service 资源管理错误漏洞 无POC
Microsoft Windows Standards-Based Storage Management Service是美国微软(Microsoft)公司的一个基于标准的存储管理服务,它提供了发现、配置和监控存储资源的功能。 Microsoft Windows Standards-Based Storage Management Service存在资源管理错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2025 (Server Core installation),Windows Server 2025,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Windows 文件资源管理器欺骗漏洞(CVE-2025-24071、CVE-2025-24054) 无POC
Windows文件资源管理器是Windows操作系统中内置的文件管理工具,提供用户友好的界面来管理文件和文件夹。用户可以通过文件资源管理器浏览计算机中的文件系统,创建、复制、移动和删除文件,以及组织文件夹结构。此工具还允许用户搜索文件、访问网络驱动器、查看文件属性以及执行其他文件管理操作。Windows文件资源管理器的直观界面和丰富功能使得用户能够轻松管理其计算机上的文件和数据。该漏洞的根本原因在于Windows资源管理器在解压包含特制.library-ms文件的RAR/ZIP存档时会自动解析该文件内嵌的恶意SMB路径,从而触发隐式的NTLM认证握手,导致用户的NTLMv2哈希被泄露。 -
Windows Active Directory域名服务特权提升漏洞 (CVE-2025-21293) 无POC
“网络配置操作员”组是Windows Active Directory 默认的安全组之一。该组成员对注册表中的服务DnsCache 和NetBT拥有创建子键的权限,导致可以在该服务注册表路径下创建子键,指定任意DLL文件路径,实现注册性能计数器。待性能计数器启动后,将以系统服务用户SYSTEM权限运行注册的性能计数器DLL文件,实现权限提升。 -
Windows OLE远程代码执行漏洞(CVE-2025-21298) 无POC
Windows OLE 是一种允许嵌入和链接到文档及其他对象的技术。该漏洞位于ole32.dll!UtOlePresStmToContentsStm。该函数的目的是将 OLE存储中的“OlePres”流中的数据转换为适当格式的数据,并将其插入到同一存储中的“CONTENTS”流中。它接收指向IStorage存储对象的指针和三个不太重要的参数。代码没有考虑到UtReadOlePresStmHeader可能会失败的事实。如果发生这种情况,pstmContents仍将指向释放的指针,然后将进入清理代码,这将再次释放指针。因此,会发生双重释放的情况。 -
Microsoft Windows Resilient File System 资源管理错误漏洞 无POC
Microsoft Windows Resilient File System(ReFS)是美国微软(Microsoft)公司的弹性文件系统。 Microsoft Windows Resilient File System(ReFS)存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2025 (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows 资源管理错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在资源管理错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Kernel 访问控制错误漏洞 无POC
Microsoft Windows Kernel是美国微软(Microsoft)公司的Windows操作系统的内核。 Microsoft Windows Kernel存在访问控制错误漏洞。攻击者利用该漏洞可以绕过某些功能。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Installer 后置链接漏洞 无POC
Microsoft Windows Installer是美国微软(Microsoft)公司的Windows 操作系统的一个组件。为安装和卸载软件提供了标准基础。 Microsoft Windows Installer存在后置链接漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems。 -
Microsoft Windows Storage Services 后置链接漏洞 无POC
Microsoft Windows Storage Services是美国微软(Microsoft)公司的存储服务。 Microsoft Windows Storage Services存在后置链接漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows DHCP Client Server 资源管理错误漏洞 无POC
Microsoft Windows DHCP Client Server是美国微软(Microsoft)公司的一个核心服务,用于自动获取网络配置信息。 Microsoft Windows DHCP Client Server存在资源管理错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows Server 2025 (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在缓冲区错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在缓冲区错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows Deployment Services 后置链接漏洞 无POC
Microsoft Windows Deployment Services是美国微软(Microsoft)公司的Windows部署服务(远程安装服务 (RIS) 的更新和重新设计版本)的设置容器,可以使用它通过基于网络的无人值守安装来设置新计算机。 Microsoft Windows Deployment Services存在后置链接漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows Resilient File System 资源管理错误漏洞 无POC
Microsoft Windows Resilient File System(ReFS)是美国微软(Microsoft)公司的弹性文件系统。 Microsoft Windows Resilient File System(ReFS)存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2025 (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows Telephony Server 资源管理错误漏洞 无POC
Microsoft Windows Telephony Server是美国微软(Microsoft)公司的一个组件,它支持电话应用程序编程接口(TAPI),允许计算机程序与共享的电话服务进行通信。 Microsoft Windows Telephony Server存在资源管理错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在缓冲区错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 10 Version 22H2 for ARM64-based Systems。 -
Microsoft Windows DHCP Client Server 缓冲区错误漏洞 无POC
Microsoft Windows DHCP Client Server是美国微软(Microsoft)公司的一个核心服务,用于自动获取网络配置信息。 Microsoft Windows DHCP Client Server存在缓冲区错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows Server 2025 (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows 后置链接漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在后置链接漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2022 (Server Core installation),Windows Server 2022,Windows Server 2019 (Server Core installation),Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows Server 2019,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2025,Windows 10 for 32-bit Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 10 for x64-based Systems,Windows Server 2016,Windows 10 Version 1607 for 32-bit Systems,Windows Server 2016 (Server Core installation),Windows 10 Version 1607 for x64-based Systems,Windows Server 2012 R2,Windows Server 2012 (Server Core installation),Windows Server 2012,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows COM 资源管理错误漏洞 无POC
Microsoft Windows COM是美国微软(Microsoft)公司的一种以重用软件为目的的技术。COM 被描述为一个独立于平台的、分散的、面向对象的系统,用于创建交互的二进制软件组件。 Microsoft Windows COM存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Kernel 日志信息泄露漏洞 无POC
Microsoft Windows Kernel是美国微软(Microsoft)公司的Windows操作系统的内核。 Microsoft Windows Kernel Memory存在日志信息泄露漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 for x64-based Systems,Windows Server 2016,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows 10 for 32-bit Systems,Windows Server 2016 (Server Core installation),Windows Server 2019 (Server Core installation)。 -
Microsoft Windows Secure Boot 缓冲区错误漏洞 无POC
Microsoft Windows Secure Boot是美国微软(Microsoft)公司的安全启动。 Microsoft Windows Secure Boot存在缓冲区错误漏洞。攻击者利用该漏洞可以绕过某些功能。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Installer 授权问题漏洞 无POC
Microsoft Windows Installer是美国微软(Microsoft)公司的Windows 操作系统的一个组件。为安装和卸载软件提供了标准基础。 Microsoft Windows Installer存在授权问题漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows WLAN AutoConfig Service 缓冲区错误漏洞 无POC
Microsoft Windows WLAN AutoConfig Service是美国微软(Microsoft)公司的一个Windows Vista以上版本操作系统的无线网卡配置服务。 Microsoft Windows WLAN AutoConfig Service存在缓冲区错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Digital Media 缓冲区错误漏洞 无POC
Microsoft Windows Digital Media是美国微软(Microsoft)公司的一系列用于播放、管理、共享、传输以及保护数字媒体内容的技术与功能的集合。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows BitLocker 信息泄露漏洞 无POC
Microsoft Windows BitLocker是美国微软(Microsoft)公司的BitLocker 确保在激活保护之前安全备份恢复密钥。 Microsoft Windows BitLocker存在信息泄露漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Digital Media 缓冲区错误漏洞 无POC
Microsoft Windows Digital Media是美国微软(Microsoft)公司的一系列用于播放、管理、共享、传输以及保护数字媒体内容的技术与功能的集合。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Virtualization-Based Security Enclave 访问控制错误漏洞 无POC
Microsoft Windows Virtualization-Based Security Enclave(Microsoft Windows VBS Enclave)是美国微软(Microsoft)公司的一种主机应用程序地址空间内基于软件的受信任执行环境。 Microsoft Windows Virtualization-Based Security Enclave存在访问控制错误漏洞。攻击者利用该漏洞可以绕过某些功能。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems。 -
Microsoft Windows Geolocation Service 访问控制错误漏洞 无POC
Microsoft Windows Geolocation Service是美国微软(Microsoft)公司的Windows系统中用于确定设备地理位置并为应用提供位置信息的服务。 Microsoft Windows Geolocation Service存在访问控制错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows Server 2016 (Server Core installation),Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016。 -
Microsoft Windows Remote Desktop Services 竞争条件问题漏洞 无POC
Microsoft Windows Remote Desktop Services是美国微软(Microsoft)公司的一个允许用户远程访问图形桌面和Windows应用程序的功能集合。 Microsoft Windows Remote Desktop Services存在竞争条件问题漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems。 -
Microsoft Windows 信息泄露漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Themes存在信息泄露漏洞。攻击者利用该漏洞执行欺骗攻击。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows 代码注入漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Search Component存在代码注入漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Kernel 日志信息泄露漏洞 无POC
Microsoft Windows Kernel是美国微软(Microsoft)公司的Windows操作系统的内核。 Microsoft Windows Kernel存在日志信息泄露漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems。 -
Microsoft Windows Event Tracing 后置链接漏洞 无POC
Microsoft Windows Event Tracing是美国微软(Microsoft)公司的一个应用软件。 提供了一种机制来跟踪和记录由用户模式应用程序和内核模式驱动程序引发的事件。 Microsoft Windows Event Tracing存在后置链接漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Client-Side Caching (CSC) Service存在缓冲区错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Installer 后置链接漏洞 无POC
Microsoft Windows Installer是美国微软(Microsoft)公司的Windows 操作系统的一个组件。为安装和卸载软件提供了标准基础。 Microsoft Windows Installer存在后置链接漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows 10 Version 1809 for 32-bit Systems。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Kernel 日志信息泄露漏洞 无POC
Microsoft Windows Kernel是美国微软(Microsoft)公司的Windows操作系统的内核。 Microsoft Windows Kernel Memory存在日志信息泄露漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Digital Media存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Kernel 日志信息泄露漏洞 无POC
Microsoft Windows Kernel是美国微软(Microsoft)公司的Windows操作系统的内核。 Microsoft Windows Kernel Memory存在日志信息泄露漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation)。 -
Windows流式处理服务ksthunk.sys提权漏洞(CVE-2024-30090) 无POC
Windows流式处理服务ksthunk.sys在处理IOCTL_KS_ENABLE_EVENT时,会进行32位到64位结构的转换,在转换过程中存在任意内核地址的内容加一的漏洞。利用这个漏洞,可以替换进程中SeDebugPrivilege权限位的值,导致低权限进程可以打开高权限进程,从而实现本地权限提升。 -
Microsoft Windows 输入验证不当漏洞 无POC
-
Microsoft Windows 身份验证缺陷漏洞 无POC
-
Microsoft Windows 输入验证不当漏洞 可导致远程代码执行 无POC
-
Microsoft Windows 释放后重用漏洞 可导致权限提升 无POC
-
Microsoft Windows 初始化不当漏洞 可导致权限提升 无POC
Microsoft Windows 初始化不当漏洞 可导致权限提升 -
Microsoft Windows UAF漏洞 可导致权限提升 无POC
Microsoft Windows UAF漏洞 可导致权限提升 -
Microsoft Windows UAF漏洞 可导致敏感信息泄露 无POC
Microsoft Windows UAF漏洞 可导致敏感信息泄露 -
Microsoft Windows 存储端口驱动程序 缓冲区溢出漏洞 可导致权限提升 无POC
Microsoft Windows 存储端口驱动程序 缓冲区溢出漏洞 可导致权限提升 -
Microsoft Windows MSHTML Platform 跨站脚本漏洞 无POC
Microsoft Windows MSHTML Platform 跨站脚本漏洞 -
Microsoft Windows OpenSSH 访问控制不当漏洞 可导致远程代码执行 无POC
Microsoft Windows OpenSSH 访问控制不当漏洞 可导致远程代码执行 -
Microsoft Windows 远程桌面协议服务 UAF漏洞 可导致代码执行 无POC
Microsoft Windows 远程桌面协议服务 UAF漏洞 可导致代码执行 -
Microsoft Windows OpenSSH 访问控制不当漏洞 无POC
Microsoft Windows OpenSSH 访问控制不当漏洞 -
Windows CSC服务权限提升漏洞(CVE-2024-26229) 无POC
csc.sys驱动程序中带有METHOD_NEITHERI/O控制代码的IOCTL地址验证不正确,导致任意地址写零漏洞。攻击者在Windows上获得较低权限的任意代码执行后,可以利用该漏洞将低权限提升至system权限。 -
Microsoft Windows 网络标记 设计缺陷漏洞 可致安全功能绕过 无POC
-
Microsoft Windows 更新 UAF 漏洞 可致远程代码执行 无POC
-
Microsoft Windows Installer 权限管理不当漏洞 可致权限提升 无POC
-
Microsoft Windows CVE-2024-38106 权限提升漏洞 无POC
Microsoft Windows中存在权限提升漏洞,此漏洞是由于应用对恶意文件验证不当造成的。 -
Microsoft Windows CVE-2024-38193 权限提升漏洞 无POC
用于WinSock的Windows辅助功能驱动程序存在权限提升漏洞,此漏洞是由于应用对恶意文件验证不当造成的。 -
Microsoft Winodws脚本引擎 CVE-2024-38178 内存损坏漏洞 无POC
Microsoft Winodws脚本引擎存在内存损坏漏洞。此漏洞是由于系统对于恶意的web文件缺乏校验导致的。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows 代码问题漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows 存在代码问题漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 24H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems。 -
Microsoft Windows WLAN AutoConfig Service 访问控制错误漏洞 无POC
Microsoft Windows WLAN AutoConfig Service是美国微软(Microsoft)公司的一个Windows Vista以上版本操作系统的无线网卡配置服务。 Microsoft Windows WLAN AutoConfig Service存在访问控制错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows Update Stack 访问控制错误漏洞 无POC
Microsoft Windows Update Stack是美国微软(Microsoft)公司的用于管理更新的一部分。 Microsoft Windows Update Stack存在访问控制错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2022,Windows 11 version 21H2 for x64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for 32-bit Systems。 -
Microsoft Windows Print Spooler Components 数据伪造问题漏洞 无POC
Microsoft Windows Print Spooler Components是美国微软(Microsoft)公司的一个打印后台处理程序组件。 Microsoft Windows Print Spooler Components存在数据伪造问题漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Deployment Services 资源管理错误漏洞 无POC
Microsoft Windows Deployment Services是美国微软(Microsoft)公司的Windows部署服务(远程安装服务 (RIS) 的更新和重新设计版本)的设置容器,可以使用它通过基于网络的无人值守安装来设置新计算机。 Microsoft Windows Deployment Services存在资源管理错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows Resource Manager 资源管理错误漏洞 无POC
Microsoft Windows Resource Manager是美国微软(Microsoft)公司的Windows 操作系统的系统资源管理器。 Microsoft Windows Resource Manager 存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2022 (Server Core installation)。 -
Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞 无POC
Microsoft Windows Ancillary Function Driver for WinSock是美国微软(Microsoft)公司的Winsock 的辅助功能驱动程序。 Microsoft Windows Ancillary Function Driver for WinSock存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 for 32-bit Systems。 -
Microsoft Windows NTFS 缓冲区错误漏洞 无POC
Microsoft Windows NTFS是美国微软(Microsoft)公司的一个为计算机文件服务的文件系统。该文件系统具有错误预警功能、磁盘自我修复功能和日志功能。 Microsoft Windows NTFS存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 23H2 for x64-based Systems。 -
Microsoft Windows 访问控制错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在访问控制错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Security Center 缓冲区错误漏洞 无POC
Microsoft Windows Security Center是美国微软(Microsoft)公司的安全中心。 Microsoft Windows Security Center存在缓冲区错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems。 -
Microsoft Windows Kernel 缓冲区错误漏洞 无POC
Microsoft Windows Kernel是美国微软(Microsoft)公司的Windows操作系统的内核。 Microsoft Windows Kernel存在缓冲区错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows 代码问题漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows 存在代码问题漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems。 -
Microsoft Windows 代码问题漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows 存在代码问题漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞 无POC
Microsoft Windows Ancillary Function Driver for WinSock是美国微软(Microsoft)公司的Winsock 的辅助功能驱动程序。 Microsoft Windows Ancillary Function Driver for WinSock存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1。 -
Microsoft Windows DNS 数据伪造问题漏洞 无POC
Microsoft Windows DNS是美国微软(Microsoft)公司的一个域名解析服务。域名系统(DNS)是包含TCP / IP的行业标准协议套件之一,并且DNS客户端和DNS服务器共同为计算机和用户提供计算机名称到IP地址的映射名称解析服务。 Microsoft Windows DNS存在数据伪造问题漏洞。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Routing and Remote Access Service 缓冲区错误漏洞 无POC
Microsoft Windows Routing and Remote Access Service是美国微软(Microsoft)公司的一种网络服务,用于实现网络路由、虚拟专用网络(VPN)和拨号连接等功能。 Microsoft Windows Routing and Remote Access Service存在缓冲区错误漏洞。攻击者利用该漏洞可以获取敏感信息。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。 -
Microsoft Windows Kernel Mode Drivers 缓冲区错误漏洞 无POC
Microsoft Windows Kernel Mode Drivers是美国微软(Microsoft)公司的Windows内核模式驱动。 Microsoft Windows Kernel Mode Drivers存在缓冲区错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows 缓冲区错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在缓冲区错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems。 -
Microsoft Windows Power Dependency Coordinator 资源管理错误漏洞 无POC
Microsoft Windows Power Dependency Coordinator是美国微软(Microsoft)公司的Windows系统中的一个组件,负责协调电源管理相关操作。 Microsoft Windows Power Dependency Coordinator存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems。 -
Microsoft Windows Network Virtualization 资源管理错误漏洞 无POC
Microsoft Windows Network Virtualization是美国微软(Microsoft)公司的一种允许多个虚拟网络在同一个物理网络上运行,同时保持逻辑上的独立性的技术。 Microsoft Windows Network Virtualization存在资源管理错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation)。 -
Microsoft Windows TCP/IP 远程代码执行漏洞 无POC
CVE-2024-38063 是一个严重的远程代码执行(RCE)漏洞,影响所有启用 IPv6 的 Windows 系统。该漏洞存在于 Windows 的 TCP/IP 栈中,攻击者可以通过发送特制的 IPv6 数据包,无需用户交互即可在目标系统上执行任意代码。此漏洞的攻击复杂度低且无需认证,成功利用后,攻击者可以获得系统级别的权限。 -
MS Windows RPCSS CVE-2019-1089 权限提升漏洞 无POC
Microsoft Windows存在权限提升漏洞,此漏洞是由于应用程序在处理恶意构造的程序时产生错误所导致的。 -
Windows RDL存在远程代码执行漏洞(CVE-2024-38077) 无POC
RDL是Windows 远程桌面授权服务,RDL服务并非默认启用,但许多管理员会手动启用它来扩展功能,例如增加远程桌面会话的数量。该漏洞在解码用户输入的许可密钥包时,未正确验证解码后的数据长度与缓冲区大小之间的关系,从而导致缓冲区溢出。这使得攻击者可以通过发送特制的数据包,在目标服务器上执行任意代码。 -
Windows TCP/IP 整数溢出漏洞 可致远程代码执行 无POC
-
Microsoft Windows Libarchive CVE-2024-20697 整数溢出漏洞 无POC
Microsoft Windows Libarchive存在整数溢出漏洞,此漏洞是由于应用程序对RAR文档的压缩数据格式缺乏校验导致的。 -
Microsoft Windows远程桌面许可管理服务 存在缓冲区溢出漏洞 无POC
-
Windows Server远程桌面授权服务 CVE-2024-38077 远程代码执行漏洞 无POC
Windows Server远程桌面授权服务存在远程代码执行漏洞。该漏洞由于在解码用户输入的许可密钥包时,未正确检验解码后数据长度导致缓冲区溢出导致的。 -
Microsoft Windows 访问控制错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在访问控制错误漏洞,该漏洞源于存在特权提升漏洞,可能使具有基本用户权限的攻击者重新引入之前已缓解的漏洞或绕过VBS的某些功能。 -
Microsoft Windows 访问控制错误漏洞 无POC
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows存在访问控制错误漏洞,该漏洞源于在安全内核模式中存在特权提升漏洞。 -
Windows 远程桌面授权服务远程代码执行漏洞 无POC
2024年7月,Microsoft官方发布公告,披露 CVE-2024-38077 Windows Server 远程桌面授权服务(RDL)远程代码执行漏洞。在开启了远程桌面授权服务的情况下,由于在解码许可密钥包时,未正确检验解码后的数据长度与缓冲区大小之间的关系,导致攻击者可构造恶意请求利用缓冲区溢出造成远程代码执行。 -
Microsoft Windows MSI文件签名欺骗漏洞 无POC
Microsoft Windows存在签名欺骗漏洞,此漏洞是由于对文件签名验证不足造成的。 -
MS Windows CVE-2021-31979 权限提升漏洞 无POC
MS Windows存在权限提升漏洞,此漏洞是由于应用程序在处理恶意构造的文件时产生错误所导致的。 -
Microsoft Windows图像文件处理信息泄露漏洞 无POC
Microsoft Windows操作系统中的图像处理组件存在信息泄露漏洞。该漏洞是由于应用程序存在设计缺陷导致的。 -
Microsoft Windows OpenType字体内存损坏漏洞 无POC
Microsoft Windows字体库文件中存在内存损坏漏洞。该漏洞是由于应用程序在处理OpenType字体时存在错误导致的。 -
XAMPP Windows PHP-CGI 代码执行漏洞 无POC
PHP是一种在服务器端执行的脚本语言,在 PHP 的 8.3.8 版本之前存在命令执行漏洞,由于 Windows 的 "Best-Fit Mapping" 特性,在处理查询字符串时,非ASCII字符可能被错误地映射为破折号(-),导致命令行参数解析错误,当 php_cgi 运行在Windows平台上,且代码页为繁体中文、简体中文或日文时,攻击者可以通过特定的查询字符串注入恶意参数,从而执行任意代码。 -
Windows CreateProcess 命令注入漏洞 (BatBadBut) 无POC
Windows 中多个编程语言(Rust\PHP)中存在命令注入漏洞(漏洞被命名为 BatBadBut)。该漏洞源于在满足特定条件时,间接依赖于 CreateProcess 函数的 Windows 应用程序存在命令注入问题。 -
Windows Print Spooler CVE-2022-38028 特权提升漏洞 无POC
Windows Print Spooler存在权限提升漏洞,此漏洞是由于应用对用户打印的文件验证不当导致的。 -
Windows SmartScreen 安全功能绕过漏洞 无POC
Windows SmartScreen 安全功能绕过漏洞 -
Microsoft Office and Windows HTML CVE-2023-36884 代码执行漏洞 无POC
Microsoft Office and Windows存在代码执行漏洞,此漏洞是由于对office文件处理不当导致的。 -
Windows Network File System 信息泄露漏洞 无POC
Windows Network File System存在信息泄露漏洞,此漏洞是由于nfssvr读取程序无法处理由客户端控制并包含在响应包中的最大计算机名和辅助GUID值导致的。 -
Microsoft Windows RD 网关代码执行漏洞 无POC
Windows RD 网关存在代码执行漏洞,此漏洞又被称为 'BlueGate'。 -
Microsoft Windows RD 网关代码执行漏洞 无POC
Windows RD 网关存在代码执行漏洞,此漏洞又被称为 'BlueGate'。 -
Microsoft Windows MSDT 代码执行漏洞 无POC
Microsoft Windows MSDT 中存在代码执行漏洞。该漏洞是由于应用程序未正确过滤用户伪造的数据导致的。 -
Microsoft Windows MSDT 代码执行漏洞 无POC
Microsoft Windows MSDT 中存在代码执行漏洞。该漏洞是由于应用程序未正确过滤用户伪造的数据导致的。 -
Microsoft Windows 消息队列服务 CVE-2023-36606 拒绝服务漏洞 无POC
Microsoft Windows 消息队列服务存在拒绝服务漏洞。此漏洞是由于对接收的MSMQ消息处理不正确导致的。 -
Microsoft Windows支持诊断工具(MSDT) CVE-2022-34713 目录遍历漏洞 无POC
Microsoft Windows支持诊断工具(MSDT)中存在目录遍历漏洞。该漏洞是由于应用程序对 .diagcab 文件的数据缺乏有效的验证导致的。 -
Microsoft Windows QUIC Version Negotiation Packet Handling 拒绝服务漏洞 无POC
Microsoft Windows QUIC传输协议中存在拒绝服务漏洞。漏洞是由于对QUIC协议流量处理不恰当所导致的。 -
Windows Win32k CVE-2024-20683 权限提升漏洞 无POC
Windows Win32k存在权限提升漏洞。此漏洞是由于对接收的文件缺乏校验导致的。 -
Microsoft Windows GDI EMR_SETPIXELV Handling 信息泄露漏洞 无POC
Microsoft Windows的GDI组件中存在信息泄露漏洞。该漏洞是由于GDI处理内存中对象的方式不正确导致的。 -
Microsoft Windows QUIC CVE-2023-36435 拒绝服务漏洞 无POC
Microsoft Windows QUIC 中存在拒绝服务漏洞。该漏洞是由于对传入的QUIC流量处理不正确导致的。 -
Windows Mixed Reality Developer Tools 信息泄露漏洞 无POC
Windows Mixed Reality Developer Tools存在信息泄露漏洞。该漏洞是由于缺乏验证导致的。 -
Microsoft Windows Print Spooler CVE-2022-21999 权限提升漏洞 无POC
Windows Print Spooler 存在权限提升漏洞,此漏洞是缺乏校验导致的。 -
MS Windows CVE-2022-21919 权限提升漏洞 无POC
MS Windows存在权限提升漏洞。 -
Microsoft Windows HTTP.sys 拒绝服务漏洞 无POC
Microsoft Windows HTTP.sys 中存在拒绝服务漏洞,该漏洞是由于对特定数据验证不充分,可能导致系统进入无限循环状态引起的。 -
MS Windows CVE-2022-21916 权限提升漏洞 无POC
MS Windows存在权限提升漏洞。 -
MS Windows CVE-2022-22715 权限提升漏洞 无POC
MS Windows存在权限提升漏洞。 -
Windows通用日志文件系统驱动程序 CVE-2022-24521 权限提升漏洞 无POC
Windows存在权限提升漏洞。此漏洞是由于对接受到的文件缺乏校验导致的。 -
MS Windows CVE-2022-24502 安全特性绕过漏洞 无POC
MS Windows HTML Platforms存在安全特性绕过漏洞。 -
Windows客户端服务器运行子系统(CSRSS)权限提升漏洞 无POC
Windows客户端服务器运行子系统存在权限提升漏洞。此漏洞是由于对接收到的文件缺乏校验导致的。 -
Windows Runtime Prauthproviders CVE-2022-21971远程代码执行漏洞 无POC
Windows Runtime存在远程代码执行漏洞。此漏洞是缺乏对WapAuthProvider::CreateInstance构造函数的检验导致的。 -
MS Windows CVE-2022-21881 权限提升漏洞 无POC
MS Windows存在权限提升漏洞。 -
Microsoft Windows NFS CVE-2022-34715 远程代码执行漏洞 无POC
Windows网络文件系统存在远程代码执行漏洞,这是未正确处理NFSv4请求导致的。 -
Microsoft Windows CVE-2022-26923 权限提升漏洞 无POC
Microsoft Windows Active Directory 域服务存在权限提升漏洞。 -
Microsoft Windows Contacts fnSummaryProc远程代码执行漏洞 无POC
Microsoft Windows Contacts中存在远程代码执行漏洞。此漏洞是由于对VCF和Contact文件处理不当导致的。 -
Windows用户配置文件服务权限提升漏洞 无POC
Windows用户配置文件服务存在权限提升漏洞。此漏洞是由于对接受到的文件缺乏校验导致的。 -
Microsoft Windows Graphics CREATECOLORSPACE EMF 越界读取漏洞 无POC
Microsoft Windows中存在信息泄露漏洞。此漏洞是由于图像组件在处理EMF文件时越界读取所导致的。 -
Windows脚本语句 CVE-2022-41128 远程代码执行漏洞 无POC
Windows脚本语句存在远程代码执行漏洞。此漏洞是缺乏对GlobOpt::OptArraySrc构造函数的检验导致的. -
Windows Cryptographic Services CVE-2023-23416远程代码执行漏洞 无POC
Windows Cryptographic Services存在远程代码执行漏洞,此漏洞是由于对于接收的文件缺乏校验导致的。 -
Windows IKE CVE-2022-34721 远程代码执行漏洞 无POC
Windows IKE存在远程代码执行漏洞。 -
Microsoft Windows Network File System NLM Portmap栈溢出漏洞 无POC
-
MS Windows RMSRoamingSecurity CVE-2022-21974 远程代码执行漏洞 无POC
-
MS Windows CVE-2022-21887 权限提升漏洞 无POC
-
Microsoft Windows Internet Key Exchange Protocol Extensions拒绝服务漏洞 无POC
-
MS Windows CVE-2022-21882 权限提升漏洞 无POC
-
Windows Local SecurityAuthority CVE-2022-26925 欺骗漏洞 无POC
-
MS Windows CVE-2022-21989 权限提升漏洞 无POC
-
Windows Network File System 远程代码执行漏洞 无POC
-
MS Windows CVE-2022-21908 权限提升漏洞 无POC
-
Microsoft Windows Remote Procedure Call Runtime ProcessBindAckOrNak 整数溢出漏洞 无POC
-
Microsoft Windows Remote Procedure Call Runtime ProcessBindAckOrNak 整数溢出漏洞 无POC
-
Microsoft Windows CDFS 驱动 CVE-2022-38044 整数溢出漏洞 无POC
-
Windows Visual Studio Code Git Extension 参数注入漏洞 无POC
-
Windows RDP Client 远程代码执行漏洞 无POC
-
Windows Server CVE-2022-30216 服务篡改漏洞 无POC
-
Windows Server CVE-2022-30216 服务篡改漏洞 无POC
-
Microsoft Windows SmartScreen身份验证绕过漏洞 无POC
-
Microsoft Windows SmartScreen身份验证绕过漏洞 无POC
-
MS Windows CVE-2022-21897 权限提升漏洞 无POC
-
Microsoft Windows SMBv3 CVE-2022-32230 拒绝服务漏洞 无POC
-
Microsoft Windows支持诊断工具(MSDT) CVE-2022-34713 目录遍历漏洞 无POC
-
Microsoft Windows 消息队列服务 CVE-2023-28302 拒绝服务漏洞 无POC
-
Windows Internet Connection Sharing (ICS) 远程代码执行漏洞 无POC
-
Windows Error Reporting Service CVE-2023-36874 权限提升漏洞 无POC
-
Microsoft Windows Message Queuing Service CVE-2023-21769 拒绝服务漏洞 无POC
-
Windows Internet Connection Sharing (ICS) 远程代码执行漏洞 无POC
-
微软Windows第二层隧道协议远程代码执行漏洞 无POC
-
Microsoft Windows IKE Vendor ID CVE-2023-21758 空指针解引用漏洞 无POC
-
Windows Ancillary Function Driver for WinSock 权限提升漏洞 无POC
-
Windows MSHTML Platform CVE-2023-32046 权限提升漏洞 无POC
-
Windows HTTP.sys CVE-2023-23410 权限提升漏洞 无POC
-
Microsoft Windows SmartScreen Authenticode CVE-2023-24880 安全特性绕过漏洞 无POC
-
Windows通用日志文件系统驱动程序权限提升漏洞 无POC
-
Microsoft Windows CVE-2023-24949 PE文件解析拒绝服务漏洞 无POC
-
Windows Server NPS 服务远程代码执行漏洞 无POC
该漏洞是主要针对域控服务器进行攻击的,漏洞针对的 NPS 服务一般只有域控集权等认证服务器才会主动配置,只要进行了相关配置就可以利用该漏洞进行 RCE。 -
Windows CLFS提权漏洞(CVE-2023-28252) 无POC
CVE-2023-28252 是一个存在于clfs.sys(通用日志文件系统驱动程序)中的越界写入漏洞。当目标系统试图扩展元数据块时被利用来获取system权限——Windows中最高的用户权限级别。该漏洞允许改变基础日志文件,作为回报,迫使系统将基础日志文件中的假元素视为真实元素。其通过改变指向内存中一个特定的公共日志文件系统(CLFS)结构的偏移值,使之指向一个恶意结构。此外其在用户层面提供一个指向受控内存的指针,以获得内核的读/写权限。CLFS结构是Windows操作系统使用的CLFS通用日志系统的一部分,它由物理日志文件、日志流、日志记录等组成。 -
Microsoft Windows Secure Socket Tunneling Protocol远程代码执行漏洞 无POC
Microsoft Windows是一款由美国微软公司开发的窗口化操作系统。 -
Windows 打印后台处理程序远程代码执行漏洞 无POC
2021年7月2日,微软官方发布安全公告,披露CVE-2021-34527 Windows Print Spooler远程代码执行漏洞。攻击者可以通过该漏洞绕过RpcAddPrinterDriverEx的安全验证,并在打印服务器中安装恶意的驱动程序,并最终可控制整个域环境。