Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
644
VMScore

CVE-2022-21882

Published: 11/01/2022 Updated: 21/12/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 644
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Windows Server 2019

Vulnerability Summary

Win32k Elevation of Privilege Vulnerability

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2019 -

microsoft windows 10 1809

microsoft windows 10 1909

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 11 -

microsoft windows server 20h2

microsoft windows server 2022

microsoft windows 10 21h2

Exploits

Exploit DB: Win32k ConsoleControl Offset Confusion / Privilege Escalation
A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value This can be leveraged to achieve an out of bounds write op ...

Github Repositories

https://github.com/dishfwk/CVE-2022-21882

CVE-2022-21882 win32k LPE bypass CVE-2021-1732 only tested on windows 20h2 190421415 twittercom/kalendsi/status/1483770845138804738

https://github.com/L4ys/CVE-2022-21882

CVE-2022-21882 Win32k Elevation of Privilege Vulnerability For Windows 10 21H2 Only

https://github.com/r1l4-i3pur1l4/CVE-2022-21882

CVE-2022-21882 Win32k Elevation Of Privileges Techniques inspired from: githubcom/L4ys/CVE-2022-21882 githubcom/exploitblizzard/Windows-Privilege-Escalation-CVE-2021-1732

https://github.com/r1l4-i3pur1l4/CVE-2021-1732

CVE-2021-1732 Win32k Elevation Of Privileges Techniques inspired from: githubcom/L4ys/CVE-2022-21882 githubcom/exploitblizzard/Windows-Privilege-Escalation-CVE-2021-1732

https://github.com/KaLendsi/CVE-2022-21882

win32k LPE

CVE-2022-21882 win32k LPE bypass CVE-2021-1732 only tested on windows 20h2 190421415 twittercom/kalendsi/status/1483770845138804738

https://github.com/sailay1996/cve-2022-21882-poc

lpe poc for cve-2022-21882

cve-2022-21882-poc lpe poc for cve-2022-21882

https://github.com/David-Honisch/Microsoft-Windows

Some nice little open source apps

LC2Navigator2024 and some other funny projects and examples some nice apps and my official application - lc2navigator 2024 Website: letztechanceorg LetzteChanceOrg LC powered by vue) LC powered by angular) Projects and Source Code: githubcom/David-Honisch/Microsoft-Windows/tree/master/LC2Navigator2024 githubcom/David-Honisch/install https:/

https://github.com/David-Honisch/CVE-2022-21882

CVE-2022-21882

CVE-2022-21882 win32k LPE bypass CVE-2021-1732 Test only tested on windows 20h2 190421415 tested on windows 21H1 (not working) Download rawgithubusercontentcom/David-Honisch/CVE-2022-21882/main/x64/Release/CVE-2021-1732exe Many thanks to Kalendski Based on: twittercom/kalendsi/status/1483770845138804738

https://github.com/hugefiver/mystars

Awesome Stars A curated list of my GitHub stars! Generated by stargazed 🏠 Contents AGS Script (1) ASL (1) ASP (2) Adblock Filter List (1) AngelScript (1) Assembly (12) AutoHotkey (3) AutoIt (1) Batchfile (13) Bicep (2) Bikeshed (1) Blade (1) C (573) C# (355) C++ (553) CMake (5) CSS (49) Clojure (24) CodeQL (1) CoffeeScript (4) Common Lisp (19) Coq (1) Crystal (4) Cuda

Recent Articles

IT threat evolution in Q1 2022. Non-mobile statistics
Securelist • AMR • 27 May 2022

IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe. Web Anti-Virus recognized 313,164,030 unique URLs as ma...

Read more...

References

CWE-787https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21882http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.htmlhttps://github.com/KaLendsi/CVE-2022-21882
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook