Windows Bug Class Exploits COM Object Vulnerabilities
/ 1 min read
🕵️♂️ New Windows Bug Class Exploits COM Object Trapping for Potential Code Injection. A recent analysis highlights vulnerabilities in Windows’ object-oriented remoting technologies, particularly with COM and .NET Remoting, which can lead to privilege escalation and remote code execution. The article discusses the “trapped object bug class,” where unsafe objects, like XML documents, can be inadvertently exposed across security boundaries, allowing malicious clients to execute arbitrary code on the server. Specific examples, including CVE-2019-0555 and CVE-2017-0211, illustrate how attackers can exploit these vulnerabilities. The author also explores the implications of injecting code into Windows Protected Processes, demonstrating a method to redirect COM class registrations to facilitate such attacks, emphasizing the need for improved security measures in remoting technologies.
