{"uuid": "7b711bda-ede3-4f06-8d69-0799c8c1a293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17103", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116597222546050317", "content": "The Nightmare-Eclipse repo clearly credits James Forshaw with the CVE-2020-17103 vulnerability that MiniPlasma is based off of.\nDid Nightmare-Eclipse modify MiniPlasma to use a variant of CVE-2020-17103 that still works on modern Windows?\nNO.  MiniPlasma IS the poc from the GPZ write-up.\nWhy does it work on current Windows? Well, instead of fixing CVE-2020-17103, they decided to break the PoC instead. And yeah, with Win10 Dec 2020 and Win11 RTM, the GPZ PoC doesn't work.\nBut somewhere between Win11 RTM and 22H2 (I have neither the VM snapshots nor the patience to determine when exactly), whatever thing Microsoft did to break the CVE-2020-17103 PoC regressed.  And because it wasn't a fix, then surely Microsoft had no regression test to detect that the fix was no longer present.\nSo here we are.  MiniPlasma is the GPZ PoC, but modified slightly to achieve LPE instead of creating DEMODEMO in the registry.", "creation_timestamp": "2026-05-18T19:27:08.343112Z"}