Valid HTML 4.01 Transitional Valid CSS Valid SVG 1.0

Me, myself & IT

CVE Identifiers

The following CVE® identifiers have been assigned to vulnerabilities I reported:
CVE-2024-21325
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
CVE-2020-0515
Intel Graphics Driver Installer Local Privilege Escalation
CVE-2019-20358
Trend Micro Anti-Threat Toolkit (ATTK): remote code execution with escalation of privilege
CVE-2019-6236
Apple iCloud: arbitrary code execution with escalation of privilege via executable installer
CVE-2019-6232
Apple iTunes: arbitrary code execution with escalation of privilege via executable installer
CVE-2019-5676
NVIDIA GPU Display Driver Privilege Escalation Vulnerability
CVE-2018-12150
Intel® Extreme Tuning Utility Privilege Escalation Vulnerability
CVE-2018-12639
Arbitrary code execution with escalation of privilege via executable installer of Gemalto SafeNet Authentication Client
CVE-2018-3701
Intel® PROSet/Wireless WiFi Software Privilege Escalation Vulnerability
CVE-2018-3668
Intel® Processor Diagnostic Tool Privilege Escalation Vulnerability
CVE-2018-3667
Intel® Processor Diagnostic Tool Privilege Escalation Vulnerability
CVE-2018-3635
Intel® Rapid Storage Technology User Interface and Driver Privilege Escalation Vulnerability
CVE-2017-13070
DLL Hijacking vulnerability in Qsync for Windows
CVE-2017-12314
Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
CVE-2017-5688
Intel® Solid State Drive Toolbox; all installers before version 3.4.5 are vulnerable to DLL hijacking, resulting in arbitrary code execution WITH escalation of privilege
CVE-2017-2107
7z*.exe allows remote code execution with escalation of privilege
CVE-2016-7804
7z*.exe allows remote code execution with escalation of privilege
CVE-2016-1000332
gnupg-w32cli-1.4.20.exe and all older installers; all installers before gnupg-w32-2.1.14_20160714.exe are vulnerable to DLL hijacking, resulting in arbitrary code execution WITH escalation of privilege
CVE-2016-1000331
eclipse-inst-win32.exe is vulnerable to DLL (and was to EXE) hijacking, resulting in arbitrary code execution
CVE-2016-7085
VMware Workstation: VMware Workstation installer DLL hijacking
CVE-2016-6804
Apache OpenOffice: Vulnerable Executable Installer
CVE-2016-6167
puTTy: Vulnerable Executable Installer
CVE-2016-4247
Adobe Flash Player: Vulnerability in the Directory Search Path
CVE-2016-1742
Apple iTunes: Vulnerable Executable Installer
CVE-2016-1281
VeraCrypt: Vulnerable Executable Installer
CVE-2016-1014
Adobe Flash Player: Vulnerability in the Directory Search Path
CVE-2016-0603
Oracle Java: Windows Installer
CVE-2016-0602
Oracle VirtualBox: Windows Installer
CVE-2016-0014
Microsoft Windows: DLL Loading Elevation of Privilege Vulnerability
CVE-2015-8264
F-Secure Online Scanner: DLL Pre-Loading Attack
CVE-2014-0315
Microsoft Windows: File Handling Vulnerability
CVE-2010-3190
Apple iTunes: Untrusted Search Path
CVE-2010-2568
Microsoft Windows: Shortcut Icon Loading Vulnerability
CVE-2005-2096
GSview, Virtual Floppy Drive and cURL: Vulnerable zlib
CVE-2005-2056
ClamAV: Quantum Decompressor
CVE-2002-0059
BitDefender Antivirus: Vulnerable zlib

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):


Copyright © 1995–2024 • Stefan Kanthak • <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>