CVE-2020-9331

2020-10-23T05:15:00
ID CVE-2020-9331
Type cve
Reporter cve@mitre.org
Modified 2020-11-03T01:13:00

Description

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space.