Search the Community

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information, such as description, attributes, resource usage etc. It let you view and edit object-related security information if you have required access rights. [hide][Hidden Content]]

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information, such as description, attributes, resource usage etc. It let you view and edit object-related security information if you have required access rights. System Requirements WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related security information. It works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10 (TH1, TH2, RS1, RS2), including Server variants. WinObjEx64 does not work on Windows XP, Windows Vista is partially supported and has no plans for their full support. In order to use all program features Windows must be booted in the DEBUG mode. Changelog v1.9.3 updated SeCiCallbacks search for newest Windows versions added Windows Server 2022 support fix win32k ApiSet resolving for Win10 21H2 fix ObCallbacks enumeration issues support for various kernel driver helpers ported to msvc 2022 (with backward compatibility to 2019) bugfixes rtls updated [hide][Hidden Content]]

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information, such as description, attributes, resource usage etc. It let you view and edit object-related security information if you have required access rights. System Requirements WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related security information. It works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10 (TH1, TH2, RS1, RS2), including Server variants. WinObjEx64 does not work on Windows XP, Windows Vista is partially supported and has no plans for their full support. In order to use all program features Windows must be booted in the DEBUG mode. Changelog v1.9.2 more Win10/11 21h2 compatibility changes added FLT_FILTER, FLT_OBJECT structured dump added authenticode hash calculation for loaded drivers (extras->Drivers, use popup menu on driver entry) added coalescing callbacks to callbacks list various minor UI changes fix misbehavior with recent wine staging 6.x internal rearrange rtls updated [hide][Hidden Content]]

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information, such as description, attributes, resource usage etc. It let you view and edit object-related security information if you have required access rights. System Requirements WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related security information. It works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10 (TH1, TH2, RS1, RS2), including Server variants. WinObjEx64 does not work on Windows XP, Windows Vista is partially supported and has no plans for their full support. In order to use all program features Windows must be booted in the DEBUG mode. Changelog v1.9.1 21h2 compatibility improvements rtls updated [hide][Hidden Content]]

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information, such as description, attributes, resource usage etc. It let you view and edit object-related security information if you have required access rights. Changelog v1.9 added Section object structured dump added ALPC port connections list (similar to !alpc /lpc windbg command) added MmUnloadedDrivers list added ExCreateCallback list to the callbacks list (PR #26) updated ApiSet plugin now support in place search filter internal rearrange [hide][Hidden Content]]

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information, such as description, attributes, resource usage etc. It let you view and edit object-related security information if you have required access rights. System Requirements WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related security information. It works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10 (TH1, TH2, RS1, RS2), including Server variants. WinObjEx64 does not work on Windows XP, Windows Vista is partially supported and has no plans for their full support. In order to use all program features Windows must be booted in the DEBUG mode. Changelog v1.8.8 internal rearrange view security for ALPC ports (most of them) security descriptor view dialog (object SID, DACL & SACL) fix #24 (SCM services list query) fix #25 (jump to file may fail under certain conditions) various minor UI changes 21h1 compatibility improvements [hide][Hidden Content]]

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information, such as description, attributes, resource usage etc. It let you view and edit object-related security information if you have required access rights. System Requirements WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related security information. It works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10 (TH1, TH2, RS1, RS2), including Server variants. WinObjEx64 does not work on Windows XP, Windows Vista is partially supported and has no plans for their full support. In order to use all program features Windows must be booted in the DEBUG mode. Changelog v1.8.7 01 August 2020 20h1/20h2/21h1 compatibility improvements added recognizing of shimmed drivers for drivers list (win10+) show process trust label for sections if it present plugins system extended and upgraded to support context plugins added imagescope plugin for section object types backed by imagefile added plugins viewer various minor changes treelist: fix tooltips flickering on Windows 7 [hide][Hidden Content]]

Microsoft Windows suffers from an insecure CSharedStream object privilege escalation vulnerability. View the full article

SugarCRM versions 9.0.1 and below suffer from multiple php object injection vulnerabilities. View the full article

NSKeyedUnarchiver suffers from a use-after-free vulnerability with ObjC objects when unarchiving OITSUIntDictionary instances even if secureCoding is required. View the full article

Linux suffers from broken permission and object lifetime handling for PTRACE_TRACEME. View the full article

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake Javascript objects, as well as the ability to find the address in memory of a Javascript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from Javascript. The module then uses a ROP chain to write the first stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second stage macho (containing CVE-2017-13861) into executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. The processes credential and sandbox structure in the kernel is overwritten and the meterpreter payloads code signature hash is added to the kernels trust cache, allowing Safari to load and execute the (self-signed) meterpreter payload. View the full article

This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3. View the full article

Chrome suffers from an internal object leak vulnerability in ReadableStream. View the full article

OpenMRS Platform versions prior to 2.24.0 suffers from an insecure object deserialization vulnerability. View the full article

LongBox Limited Access Manager suffers from an insecure direct object reference vulnerability. This issue affects Access Manager versions 1.2 through 1.4-RG3. It has been addressed in versions greater than or equal to 1.4-RG4. View the full article

PEAR Archive_Tar versions prior to 1.4.4 suffers from a php object injection vulnerability. View the full article

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion. View the full article

Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and ldap users. View the full article

Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability. View the full article

WebKit JIT int32/double arrays can have proxy objects in the prototype chains. View the full article

Microsoft Windows 10 1803 and 1809 have an issue with unnamed kernel object creation. It's possible to default the security descriptor owner or mandatory label to the value from an Identification level impersonation token leading to elevation of privilege. View the full article

Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter. View the full article

OSCAR EMR version 15.21beta361 suffers from remote code execution, cross site request forgery, cross site scripting, denial of service, deserialization, remote SQL injection, and path traversal vulnerabilities. View the full article