LucaBarile

5 exploits Active since Mar 2023
CVE-2023-23396 NOMISEC MEDIUM SUSPICIOUS
Microsoft Office Online Server - Denial of Service via Excel File Processing
Microsoft Excel Denial of Service Vulnerability
6 stars
CVSS 6.5
CVE-2023-32163 NOMISEC HIGH WRITEUP
Wacom Drivers for Windows - Local Privilege Escalation via Symbolic Link
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.
2 stars
CVSS 7.8
CVE-2022-38604 NOMISEC HIGH WORKING POC
Wacom Driver <6.3.46-1 - Privilege Escalation
Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.
2 stars
CVSS 7.3
CVE-2023-32162 NOMISEC HIGH WRITEUP
Wacom Drivers for Windows - Local Privilege Escalation via WacomInstallI.txt File Permissions
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318.
CVSS 7.8
CVE-2022-43293 NOMISEC MEDIUM WRITEUP
Wacom Driver <6.3.46-1 - Arbitrary File Write
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.
CVSS 5.9