Lucene search
Abdelhamid NaceriZDI-21-1103HistorySep 16, 2021 - 12:00 a.m.
Microsoft Windows Installer Service Directory Junction Information Disclosure Vulnerability
2021-09-1600:00:00
Abdelhamid Naceri
www.zerodayinitiative.com
15
0.0004 Low
EPSS
Percentile
9.9%
This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer Service. By creating a directory junction, an attacker can abuse the service to disclose the contents of arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
Related
cve
cve
CVE-2021-36962
2021-09-15 12:15:13
cvelist
cvelist
CVE-2021-36962 Windows Installer Information Disclosure Vulnerability
2021-09-15 11:23:37
prion
prion
Information disclosure
2021-09-15 12:15:00
nvd
nvd
CVE-2021-36962
2021-09-15 12:15:13
mscve
mscve
Windows Installer Information Disclosure Vulnerability
2021-09-14 07:00:00
nessus
nessus
KB5005618: Windows Server 2008 September 2021 Security Update
2021-09-14 00:00:00
KB5005607: Windows Server 2012 September 2021 Security Update
2021-09-14 00:00:00
mskb
mskb
September 14, 2021âKB5005618 (Security-only update)
2021-09-14 07:00:00
September 14, 2021âKB5005607 (Security-only update)
2021-09-14 07:00:00
September 14, 2021âKB5005606 (Monthly Rollup)
2021-09-14 07:00:00
kaspersky
kaspersky
KLA12289 Multiple vulnerabilities in Microsoft Products (ESU)
2021-09-14 00:00:00
KLA12290 Multiple vulnerabilities in Microsoft Windows
2021-09-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5005633)
2021-09-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5005613)
2021-09-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5005569)
2021-09-15 00:00:00
qualysblog
qualysblog
rapid7blog
rapid7blog
Patch Tuesday - September 2021
2021-09-15 03:44:31