Lucene search

K
zdiThomas Imbert (@masthoon) from Synacktiv (@Synacktiv)ZDI-23-885
HistoryJun 16, 2023 - 12:00 a.m.

(Pwn2Own) Microsoft Windows mskssrv Driver Untrusted Pointer Dereference Local Privilege Escalation Vulnerability

2023-06-1600:00:00
Thomas Imbert (@masthoon) from Synacktiv (@Synacktiv)
www.zerodayinitiative.com
154
vulnerability
privilege escalation
microsoft windows
mskssrv driver
pointer dereference

EPSS

0.004

Percentile

75.5%

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the mskssrv driver. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.