Lucene search
Bear13oy of CloverSec LabsZDI-17-285HistoryApr 11, 2017 - 12:00 a.m.
Microsoft Windows Font Object Buffer Overflow Privilege Escalation Vulnerability
2017-04-1100:00:00
bear13oy of CloverSec Labs
www.zerodayinitiative.com
23
0.328 Low
EPSS
Percentile
97.1%
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of font data in win32k.sys. By making API calls with crafted parameters, code can trigger an overflow of a buffer. An attacker can leverage this vulnerability to escalate privilege to SYSTEM.
Related
cve
cve
CVE-2017-0155
2017-04-12 14:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Graphics Elevation of Privilege (CVE-2017-0155)
2017-04-11 00:00:00
prion
prion
Privilege escalation
2017-04-12 14:59:00
nvd
nvd
CVE-2017-0155
2017-04-12 14:59:00
symantec
symantec
mscve
mscve
Win32k Elevation of Privilege Vulnerability
2017-04-11 07:00:00
cvelist
cvelist
CVE-2017-0155
2017-04-12 14:00:00
mskb
mskb
Security update for the Win32k information disclosure and escalation of privilege vulnerabilities in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
April 11, 2017âKB4015546 (Security-only update)
2017-04-11 07:00:00
April 11, 2017âKB4015549 (Monthly Rollup)
2017-04-11 07:00:00
openvas
openvas
Microsoft Privilege Elevation And Information Disclosure Vulnerabilities (KB4015195)
2017-04-12 00:00:00
Microsoft Windows Monthly Rollup (KB4015549)
2017-04-12 00:00:00
nessus
nessus
kaspersky
kaspersky
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-11 00:00:00