Vonahi Security's Blog
  • Vonahi Security Home
  • Blog
  • Weekly Threat Reports

privilege escalation

A collection of 2 posts

SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched
privilege escalation

SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched

This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.

  • Erik Wynter
    Erik Wynter
11 min read
When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)
research

When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)

Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.

  • Erik Wynter
    Erik Wynter
14 min read
Vonahi Security's Blog © 2025
Latest Posts Facebook Twitter LinkedIn GitHub