Advisories

Public Vulnerabilities & CVEs found by YLabs. All releases are governed by our Vulnerability Disclosure Policy.

CVE-2021-41285: Crucial Ballistix MOD Utility v. <= 2.0.2.5 - Multiple Privilege Escalation (LPE/EoP)

Severity: High

Crucial by Micron Technology, Inc Ballistix MOD Utility v.<= 2.0.2.5 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the MODAPI.sys driver component.

All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:

Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual address user-space.
Read/write Model-Specific Registers (MSRs) via the __readmsr/__writemsr functions calls.
Read/write 1/2/4 bytes to or from an IO port.

Attackers could exploit these issues to achieve local privilege escalation from low-privileged users to NT AUTHORITY\SYSTEM.

CVE‑2021‑1079: NVIDIA GeForce Experience v.<= 3.21 - Arbitrary File Write

Severity: High

NVIDIA GeForce Experience v.<= 3.21 is affected by an Arbitrary File Write vulnerability in GameStream plugins where log files are created using NT/System level permissions, which lead to Elevation of Privileges (EoP) to Code Execution.

CVE-2021-26237: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE-2021-26236: FastStone Image Viewer v.<= 7.5 Stack-based Buffer Overflow

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality ('BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.

CVE-2021-26235: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE-2021-26234: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE-2021-26233: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.