
Microsoft Windows splWOW64 Privilege Escalation

Posted by deepcore on December 24, 2020 – 2:55 am

CVE-2020-0986, which was exploited in the wild, was not fixed. The vulnerability still exists; only the exploitation method had to change. A low-integrity process can send LPC messages to splwow64.exe (medium integrity) and gain a write-what-where primitive in splwow64’s memory space. The attacker controls the destination, the contents that are copied, and the number of bytes copied through a memcpy call.

