Lucene search
Marcin WiazowskiZDI-22-1692HistoryDec 28, 2022 - 12:00 a.m.
Microsoft Windows GreDrawStream Use-After-Free Local Privilege Escalation Vulnerability
2022-12-2800:00:00
Marcin Wiazowski
www.zerodayinitiative.com
45
microsoft windows
gredrawstream
use-after-free
local privilege escalation
crafted data
system.
EPSS
0.001
Percentile
25.5%
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GreDrawStream function. Crafted data passed to this function can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
cvelist
cvelist
nvd
nvd
CVE-2022-44671
2022-12-13 19:15:12
mscve
mscve
Windows Graphics Component Elevation of Privilege Vulnerability
2022-12-13 08:00:00
cve
cve
CVE-2022-44671
2022-12-13 19:15:12
prion
prion
Privilege escalation
2022-12-13 19:15:00
talosblog
talosblog
nessus
nessus
KB5021255: Windows 11 Version 22H2 Security Update (December 2022)
2022-12-13 00:00:00
KB5021234: Windows 11 Security Update (December 2022)
2022-12-13 00:00:00
KB5021249: Windows Server 2022 Security Update (December 2022)
2022-12-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5021255)
2023-08-08 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5021237)
2022-12-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5021233)
2022-12-14 00:00:00
mskb
mskb
December 13, 2022âKB5021234 (OS Build 22000.1335)
2022-12-13 08:00:00
December 13, 2022âKB5021255 (OS Build 22621.963)
2022-12-13 08:00:00
December 13, 2022âKB5021249 (OS Build 20348.1366)
2022-12-13 08:00:00
kaspersky
kaspersky
KLA20117 Multiple vulnerabilities in Microsoft Windows
2022-12-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2022
2022-12-13 21:24:06