Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation

Disclosed: 2020-02-20
Created: 2020-12-15

Description

This module exploits CVE-2020-1054, an out-of-bounds write reachable from DrawIconEx
within win32k. The out-of-bounds write can be used to overwrite the pvBits field of a
SURFOBJ. By using this vulnerability to perform controlled writes to kernel
memory, an attacker can gain arbitrary code execution as the SYSTEM user.

This module has been tested against a fully updated Windows 7 x64 SP1. Offsets
within the exploit code may need to be adjusted to work with other versions of
Windows.

Authors

Netanel Ben-Simon
Yoav Alon
bee13oy
timwr

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

msf > use exploit/windows/local/cve_2020_1054_drawiconex_lpe
msf exploit(cve_2020_1054_drawiconex_lpe) > show targets
...targets...
msf exploit(cve_2020_1054_drawiconex_lpe) > set TARGET <target-id>
msf exploit(cve_2020_1054_drawiconex_lpe) > show options
...show and set options...
msf exploit(cve_2020_1054_drawiconex_lpe) > exploit
