Microsoft Windows DrawIconEx Local Privilege Escalation
Posted by deepcore on December 16, 2020 – 1:35 am
This Metasploit module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx within win32k. The out of bounds write can be used to overwrite the pvbits of a SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code execution as the SYSTEM user. This module has been tested against a fully updated Windows 7 x64 SP1. Offsets within the exploit code may need to be adjusted to work with other versions of Windows.
Post a reply
You must be logged in to post a comment.