No | Text |
1 | Enigma0x3 |
2 | Avira VPN local privilege escalation via insecure update location |
3 | CVE-2019-19248: local privilege escalation in EA’s Origin client |
4 | Avira Optimizer local privilege escalation |
5 | CVE-2019-13382: local privilege escalation in Snagit |
6 | CVE-2019-13142: Razer Surround 1.1.63.0 EoP |
7 | Avira VPN (2.15.2.28160) elevation of privilege through insecure update location |
8 | Avira VPN 2.15.2.28160 elevation of privilege |
9 | Razer Synapse 3 elevation of privilege |
10 | CVE-2018-8414: a case study in responsible disclosure |
11 | CVE-2018-8212: Device Guard/CLM bypass using MSFT_ScriptResource |
No | Text |
1 | Disclosure timeline |
2 | Disclosure timeline (2) |
No | Text |
1 | Product Version: (2) |
2 | Operating System tested on: (4) |
3 | Vulnerability: (4) |
4 | Brief Description: (4) |
5 | Vulnerability Explanation: |
6 | Version: (2) |
7 | Advisory: |
8 | EA’s Blog: |
9 | Vulnerability Explanation (2) |
10 | March 13th, 2019 |
11 | March 14th, 2019 |
12 | March 28th, 2019 |
13 | April 4th, 2019 |
14 | May 2nd, 2019 |
15 | May 23rd, 2019 |
16 | June 17th, 2019 |
17 | June 25th, 2019 (2) |
18 | July 8th, 2019 |
19 | August 12th, 2019 |
20 | August 13th, 2019 |
21 | September 6th, 2019 |
22 | September 12th, 2019 |
23 | September 25th, 2019 |
24 | September 26th, 2019 (2) |
25 | October 28th, 2019 (2) |
26 | November 13th, 2019 |
27 | November 13th, 2019: |
28 | November 14th, 2019 |
29 | December 9th, 2019 |
30 | December 10th, 2019 |
31 | Downloaded from: |
32 | via a reboot |
33 | Get-Service AviraPhantomVPN | Stop-Service |
34 | Get-Service AviraPhantomVPN | Start-Service |
35 | Disclosure Timeline: (2) |
36 | 01/10/2019: (2) |
37 | 01/21/2019: |
38 | Timeline: |
No | Text |
1 | DISCLOSURE TIMELINE |
2 | Version: (2) |
3 | Operating System tested on: (4) |
4 | Vulnerability: (4) |
5 | Vulnerability Overview (2) |
6 | Identification and Exploitation (3) |
7 | privileged |
8 | Disclosure Timeline (3) |
9 | C:\ProgramData |
10 | C:\Windows\Temp |
11 | C:\Users\<username>\AppData. |
12 | Purpose |
13 | Product Version: (2) |
14 | Downloaded from: (2) |
15 | Brief Description: (2) |
16 | Vulnerability Explanation |
17 | “C:\ProgramData\Razer\*” |
18 | C:\ProgramData\Razer\*” |
19 | Vulnerability Explanation: |
20 | Exploitation: |
21 | Disclosure Timeline: |
22 | 06/05/2018 |
23 | 06/08/2018 (3) |
24 | 07/05/2018: |
25 | 08/06/2018 |
26 | 08/27/2018 |
27 | 09/14/2018 |
28 | 12/14/2018 (2) |
29 | 12/15/2018 |
30 | 12/16/2018 |
31 | 12/19/2018 |
32 | 12/25/2018 |
33 | 12/27/2018 |
34 | 01/09/2019 |
35 | 01/10/2019 (2) |
36 | The PoC zip contains the weaponized .settingcontent-ms file (which enables code-execution from the internet with no security warnings for the user) |
37 | “which enables code-execution from the internet with no security warnings for the user”. |
38 | We are all human beings |
39 | PLEASE COMMUNICATE TO YOUR RESEARCHERS |
40 | Feb 16, 2018 at 2:37 PM EDT |
41 | Feb 16, 2018 at 4:34 PM EDT: |
42 | March 2, 2018 at 12:27 PM EDT: |
43 | April 24, 2018 at 4:06 PM EDT |
44 | April 25, 2018 at 12:42 PM EDT |
45 | June 1, 2018 at 1:29 PM EDT: |
46 | June 4, 2018 at 10:29 AM EDT: |
47 | July 11, 2018 |
48 | June 14, 2018 at 9:44 AM EDT |
49 | June 14, 2018 at 11:05 AM EDT |
50 | June 26, 2018 at 12:17 PM EDT |
51 | June 26, 2018 at 1:15 PM EDT |
52 | July 3, 2018 at 9:52 PM EDT |
53 | Jul 23, 2018 at 4:49 PM EDT: |
54 | Jul 27, 2018 at 7:47 PM EDT |
55 | Jul 27, 2018 at 7:55 PM EDT: |
56 | Aug 6, 2018 at 3:39 PM EDT: |
57 | Aug 6, 2018 at 4:23 PM EDT: |
58 | Aug 14, 2018: |
59 | Sept 28, 2018 at 4:36 PM EDT: |
No | Text |
1 | C:\ProgramData\Avira\VPN\Update (7) |
2 | C:\ProgramData |
3 | VPNUpdater.UpdateProduct() |
4 | Updater.UpdateToNewPackageIfValid() |
5 | Updater.UpdateToNewPackageifValid() |
6 | Updater.CheckForDownloadedUpdatePackage() |
7 | C:\ProgramData\Avira\VPN\Update\AviraVPNInstaller.exe (4) |
8 | ProductVersion (3) |
9 | Updater.IsUpdateFolderAccessRestricted() |
10 | NT AUTHORITY\SYSTEM |
11 | NT AUTHORITY\SERVICE |
12 | Administrators (2) |
13 | Updater.RestoreUpdateFolder() |
14 | C:\ProgramData\Avira\Update |
15 | Owner |
16 | C:\ProgramData\Avira\Launcher\LogFiles |
17 | C:\ProgramData\Avira\Launcher\Logfiles |
18 | SYSTEM |
19 | SERVICE |
20 | Updater.IsUpdatePackageAuthentic() |
21 | Avira.VPNService.exe |
22 | CefSharp.BrowserSubprocess.exe |
23 | Avira.VPNService.exe” |