Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Remote Procedure Call

CVE-2024-20678: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.

Microsoft Security Response Center
#vulnerability#rce#auth#Windows Remote Procedure Call#Security Vulnerability
CVE-2023-36596: Remote Procedure Call Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-35300: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime.

CVE-2023-35316: Remote Procedure Call Runtime Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-35300: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime.

CVE-2023-35316: Remote Procedure Call Runtime Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-21708: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

CVE-2022-35830: Remote Procedure Call Runtime Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.