Me, myself & IT

CVE Identifiers

The following CVE^® identifiers have been assigned to vulnerabilities I reported:

CVE-2024-21325: Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability

CVE-2020-0515: Intel Graphics Driver Installer Local Privilege Escalation

CVE-2019-20358: Trend Micro Anti-Threat Toolkit (ATTK): remote code execution with escalation of privilege

CVE-2019-6236: Apple iCloud: arbitrary code execution with escalation of privilege via executable installer

CVE-2019-6232: Apple iTunes: arbitrary code execution with escalation of privilege via executable installer

CVE-2019-5676: NVIDIA GPU Display Driver Privilege Escalation Vulnerability

CVE-2018-12150: Intel^® Extreme Tuning Utility Privilege Escalation Vulnerability

CVE-2018-12639: Arbitrary code execution with escalation of privilege via executable installer of Gemalto SafeNet Authentication Client

CVE-2018-3701: Intel^® PROSet/Wireless WiFi Software Privilege Escalation Vulnerability

CVE-2018-3668: Intel^® Processor Diagnostic Tool Privilege Escalation Vulnerability

CVE-2018-3667: Intel^® Processor Diagnostic Tool Privilege Escalation Vulnerability

CVE-2018-3635: Intel^® Rapid Storage Technology User Interface and Driver Privilege Escalation Vulnerability

CVE-2017-13070: DLL Hijacking vulnerability in Qsync for Windows

CVE-2017-12314: Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability

CVE-2017-5688: Intel^® Solid State Drive Toolbox^™; all installers before version 3.4.5 are vulnerable to DLL hijacking, resulting in arbitrary code execution WITH escalation of privilege

CVE-2017-2107: 7z*.exe allows remote code execution with escalation of privilege

CVE-2016-7804: 7z*.exe allows remote code execution with escalation of privilege

CVE-2016-1000332: gnupg-w32cli-1.4.20.exe and all older installers; all installers before gnupg-w32-2.1.14_20160714.exe are vulnerable to DLL hijacking, resulting in arbitrary code execution WITH escalation of privilege

CVE-2016-1000331: eclipse-inst-win32.exe is vulnerable to DLL (and was to EXE) hijacking, resulting in arbitrary code execution

CVE-2016-7085: VMware Workstation: VMware Workstation installer DLL hijacking

CVE-2016-6804: Apache OpenOffice: Vulnerable Executable Installer

CVE-2016-6167: puTTy: Vulnerable Executable Installer

CVE-2016-4247: Adobe Flash Player: Vulnerability in the Directory Search Path

CVE-2016-1742: Apple iTunes: Vulnerable Executable Installer

CVE-2016-1281: VeraCrypt: Vulnerable Executable Installer

CVE-2016-1014: Adobe Flash Player: Vulnerability in the Directory Search Path

CVE-2016-0603: Oracle Java: Windows Installer

CVE-2016-0602: Oracle VirtualBox: Windows Installer

CVE-2016-0014: Microsoft Windows: DLL Loading Elevation of Privilege Vulnerability

CVE-2015-8264: F-Secure Online Scanner: DLL Pre-Loading Attack

CVE-2014-0315: Microsoft Windows: File Handling Vulnerability

CVE-2010-3190: Apple iTunes: Untrusted Search Path

CVE-2010-2568: Microsoft Windows: Shortcut Icon Loading Vulnerability

CVE-2005-2096: GSview, Virtual Floppy Drive and cURL: Vulnerable zlib

CVE-2005-2056: ClamAV: Quantum Decompressor

CVE-2002-0059: BitDefender Antivirus: Vulnerable zlib

Contact and Feedback

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.