Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiMarcin WiazowskiZDI-21-287
HistoryMar 15, 2021 - 12:00 a.m.

Microsoft Windows win32kfull bStretch NULL Pointer Dereference Privilege Escalation Vulnerability

2021-03-1500:00:00
Marcin Wiazowski
www.zerodayinitiative.com
25
microsoft windows
win32kfull
bstretch
null pointer dereference
privilege escalation
vulnerability
local attackers
low-privileged code
win32kfull.sys driver
dereferencing
arbitrary code
context of system

EPSS

0.001

Percentile

28.3%

JSON

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull.sys driver. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Related

zdi 10
nvd 1
prion 1
mscve 1
cvelist 1
cve 1
attackerkb 1
threatpost 1
nessus 9
mskb 14
openvas 2
kaspersky 2
rapid7blog 1
zdi
zdi
Microsoft Windows win32kfull MulTextOut Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-04-29 00:00:00
Microsoft Windows win32kfull MulStrokeAndFillPath Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-04-29 00:00:00
Microsoft Windows win32kfull MulStrokePath Untrusted Pointer Dereference Privilege Escalation Vulnerability
2021-04-28 00:00:00
nvd
nvd
CVE-2021-27077
2021-03-11 16:15:18
prion
prion
Privilege escalation
2021-03-11 16:15:00
mscve
mscve
Windows Win32k Elevation of Privilege Vulnerability
2021-03-09 08:00:00
cvelist
cvelist
CVE-2021-27077 Windows Win32k Elevation of Privilege Vulnerability
2021-03-11 15:50:54
cve
cve
CVE-2021-27077
2021-03-11 16:15:18
attackerkb
attackerkb
CVE-2021-27077
2021-03-11 00:00:00
threatpost
threatpost
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
2021-03-09 22:12:56
nessus
nessus
KB5000856: Windows Server 2008 March 2021 Security Update
2021-03-09 00:00:00
KB5000807: Windows 10 March 2021 Security Update
2021-03-09 00:00:00
KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update
2021-03-09 00:00:00
mskb
mskb
March 9, 2021—KB5000856 (Security-only update)
2021-03-09 08:00:00
March 9, 2021—KB5000844 (Monthly Rollup)
2021-03-09 08:00:00
March 9, 2021—KB5000807 (OS Build 10240.18874)
2021-03-09 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5000807)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000802)
2021-03-10 00:00:00
kaspersky
kaspersky
KLA12112 Multiple vulnerabilities in Microsoft Products (ESU)
2021-03-09 00:00:00
KLA12111 Multiple vulnerabilities in Microsoft Windows
2021-03-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03

EPSS

0.001

Percentile

28.3%

JSON
Related for ZDI-21-287
zdi10nvd1prion1mscve1cvelist1cve1attackerkb1threatpost1nessus9mskb14openvas2kaspersky2rapid7blog1