CVE-2020-17008

Vulnerability Summary

CVE-2020-0986, which was exploited in the wild[1], was not fixed. The vulnerability still exists; only the exploitation method had to change. A low integrity process can send LPC messages to splwow64.exe (Medium integrity) and gain a write-what-where primitive in splwow64’s memory space. The attacker controls the destination, the contents that are copied, and the number of bytes copied through a memcpy call.

Github Repositories

CVE-2020-17008 splWOW64 Elevation of Privilege

C:\Windows\splwow64.exe

PoC from: bugs.chromium.org/p/project-zero/issues/detail?id=2096

0x01 set splwow64_poc.exe Low

cd splwow64_poc\x64\Release
icacls splwow64_poc.exe /setintegritylevel L

/setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. The level is to be specified as one of the following levels