Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiElliot Cao (@iamelli0t) working with Trend Micro's Zero Day InitiativeZDI-21-078
HistoryJan 21, 2021 - 12:00 a.m.

Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability

2021-01-2100:00:00
Elliot Cao (@iamelli0t) working with Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
102

0.001 Low

EPSS

Percentile

34.8%

JSON

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode printer driver host process splwow64.exe. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges from low integrity and execute arbitrary code in the context of the current user at medium integrity.

Related

nvd 1
mscve 1
zdi 7
prion 1
cve 1
cvelist 1
openvas 9
qualysblog 1
thn 1
krebs 1
threatpost 1
attackerkb 1
googleprojectzero 1
avleonov 1
nessus 8
mskb 10
kaspersky 1
rapid7blog 1
nvd
nvd
CVE-2021-1648
2021-01-12 20:15:30
mscve
mscve
Microsoft splwow64 Elevation of Privilege Vulnerability
2021-01-12 08:00:00
zdi
zdi
(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability
2020-12-15 00:00:00
Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability
2021-01-14 00:00:00
(0Day) Microsoft Windows splwow64 Out-Of-Bounds Write Privilege Escalation Vulnerability
2020-12-15 00:00:00
prion
prion
Privilege escalation
2021-01-12 20:15:00
cve
cve
CVE-2021-1648
2021-01-12 20:15:30
cvelist
cvelist
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability
2021-01-12 19:42:01
openvas
openvas
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17008)
2021-01-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4598278)
2021-01-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4598285)
2021-01-13 00:00:00
qualysblog
qualysblog
January 2021 Patch Tuesday – 83 Vulnerabilities, 10 Critical, One Zero Day, Adobe
2021-01-12 20:01:43
thn
thn
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
2021-01-13 05:01:00
krebs
krebs
Microsoft Patch Tuesday, January 2021 Edition
2021-01-13 01:32:20
threatpost
threatpost
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
2021-01-12 21:45:23
attackerkb
attackerkb
CVE-2020-0986
2020-06-09 00:00:00
googleprojectzero
googleprojectzero
DΓ©jΓ  vu-lnerability
2021-02-03 00:00:00
avleonov
avleonov
Vulristics: Microsoft Patch Tuesdays Q1 2021
2021-03-26 02:47:52
nessus
nessus
KB4598297: Windows Server 2012 January 2021 Security Update
2021-01-12 00:00:00
KB4598275: Windows 8.1 and Windows Server 2012 R2 January 2021 Security Update
2021-01-12 00:00:00
KB4598230: Windows 10 Version 1809 and Windows Server 2019 January 2021 Security Update
2021-01-12 00:00:00
mskb
mskb
January 12, 2021β€”KB4598278 (Monthly Rollup)
2021-01-12 08:00:00
January 12, 2021β€”KB4598297 (Security-only update)
2021-01-12 08:00:00
January 12, 2021β€”KB4598275 (Security-only update)
2021-01-12 08:00:00
kaspersky
kaspersky
KLA12045 Multiple vulnerabilities in Microsoft Windows
2021-01-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2021
2021-01-12 23:59:00

0.001 Low

EPSS

Percentile

34.8%

JSON
Related for ZDI-21-078
nvd1mscve1zdi7prion1cve1cvelist1openvas9qualysblog1thn1krebs1threatpost1attackerkb1googleprojectzero1avleonov1nessus8mskb10kaspersky1rapid7blog1