Microsoft Windows NtUserMNDragOver Local Privilege Elevation
This module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex, which is reachable via a NtUserMNDragOver system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint function does not effectively check the validity of the tagPOPUPMENU objects it...