CryptoPro CSP up to and including 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cryptopro csp |