Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiLucas Leong (@_wmliang_) of Trend Micro's Zero Day InitiativeZDI-20-1433
HistoryJan 08, 2021 - 12:00 a.m.

(0Day) Microsoft Windows splwow64 Out-Of-Bounds Read Information Disclosure Vulnerability

2021-01-0800:00:00
Lucas Leong (@_wmliang_) of Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
332

0.001 Low

EPSS

Percentile

34.8%

JSON

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode printer driver host process splwow64.exe. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges from low integrity and execute code in the context of the current user at medium integrity.

Related

mscve 1
zdi 7
cve 1
cvelist 1
nvd 1
prion 1
openvas 9
qualysblog 1
thn 1
krebs 1
threatpost 1
attackerkb 1
googleprojectzero 1
avleonov 1
mskb 10
nessus 8
kaspersky 1
rapid7blog 1
mscve
mscve
Microsoft splwow64 Elevation of Privilege Vulnerability
2021-01-12 08:00:00
zdi
zdi
(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability
2020-12-15 00:00:00
Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-01-14 00:00:00
Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability
2021-01-21 00:00:00
cve
cve
CVE-2021-1648
2021-01-12 20:15:30
cvelist
cvelist
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability
2021-01-12 19:42:01
nvd
nvd
CVE-2021-1648
2021-01-12 20:15:30
prion
prion
Privilege escalation
2021-01-12 20:15:00
openvas
openvas
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17008)
2021-01-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4598278)
2021-01-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4598285)
2021-01-13 00:00:00
qualysblog
qualysblog
January 2021 Patch Tuesday – 83 Vulnerabilities, 10 Critical, One Zero Day, Adobe
2021-01-12 20:01:43
thn
thn
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
2021-01-13 05:01:00
krebs
krebs
Microsoft Patch Tuesday, January 2021 Edition
2021-01-13 01:32:20
threatpost
threatpost
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
2021-01-12 21:45:23
attackerkb
attackerkb
CVE-2020-0986
2020-06-09 00:00:00
googleprojectzero
googleprojectzero
DΓ©jΓ  vu-lnerability
2021-02-03 00:00:00
avleonov
avleonov
Vulristics: Microsoft Patch Tuesdays Q1 2021
2021-03-26 02:47:52
mskb
mskb
January 12, 2021β€”KB4598278 (Monthly Rollup)
2021-01-12 08:00:00
January 12, 2021β€”KB4598297 (Security-only update)
2021-01-12 08:00:00
January 12, 2021β€”KB4598275 (Security-only update)
2021-01-12 08:00:00
nessus
nessus
KB4598297: Windows Server 2012 January 2021 Security Update
2021-01-12 00:00:00
KB4598275: Windows 8.1 and Windows Server 2012 R2 January 2021 Security Update
2021-01-12 00:00:00
KB4598231: Windows 10 January 2021 Security Update
2021-01-12 00:00:00
kaspersky
kaspersky
KLA12045 Multiple vulnerabilities in Microsoft Windows
2021-01-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2021
2021-01-12 23:59:00

0.001 Low

EPSS

Percentile

34.8%

JSON
Related for ZDI-20-1433
mscve1zdi7cve1cvelist1nvd1prion1openvas9qualysblog1thn1krebs1threatpost1attackerkb1googleprojectzero1avleonov1mskb10nessus8kaspersky1rapid7blog1