Lucene search

K
zdiMarcin WiazowskiZDI-21-1006
HistoryAug 26, 2021 - 12:00 a.m.

Microsoft Windows Canonical Display Driver DrvStrokePath Untrusted Pointer Dereference Privilege Escalation Vulnerability

2021-08-2600:00:00
Marcin Wiazowski
www.zerodayinitiative.com
25
microsoft windows
canonical display driver
privilege escalation
vulnerability
exploit
low-privileged code
cdd.dll
user-supplied value
pointer dereference
arbitrary code
system context

EPSS

0.001

Percentile

31.2%

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cdd.dll driver. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.