Lucene search

K

MitreCVELIST:CVE-2020-36603

HistoryOct 15, 2020 - 12:00 a.m.

CVE-2020-36603

2020-10-1500:00:00

mitre

www.cve.org

0.002 Low

EPSS

Percentile

52.5%

The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.

References

github.com/kagurazakasanae/Mhyprot2DrvControl

github.com/kkent030315/evil-mhyprot-cli

web.archive.org/web/20211204031301/https://www.godeye.club/2021/05/20/001-disclosure-mhyprot.html

www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html

www.vice.com/en/article/y3p35w/hackers-are-using-anti-cheat-in-genshin-impact-to-ransom-victims

0.002 Low

EPSS

Percentile

52.5%

Related for CVELIST:CVE-2020-36603

prion1 cve1 nvd1