menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right --Vulnerability-main chevron_right Microsoft Windows10 本地提权漏洞(CVE-2021-1732).md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    Microsoft Windows10 本地提权漏洞(CVE-2021-1732).md
    1.3 KB / 2021-05-21 09:14:38
        # Microsoft Windows10 本地提权漏洞(CVE-2021-1732)


该漏洞由函数win32kfull!xxxCreateWi ndowEx 对应用层回调返回数据校验不严导致,本地用户执行漏洞利用程序获取系统权限。

**影响版本:**

* Windows Server, version 20H2 (Server Core Installation)
* Windows 10 Version 20H2 for ARM64-based Systems
* Windows 10 Version 20H2 for 32-bit Systems
* Windows 10 Version 20H2 for x64-based Systems
* Windows Server, version 2004 (Server Core installation)
* Windows 10 Version 2004 for x64-based Systems
* Windows 10 Version 2004 for ARM64-based Systems
* Windows 10 Version 2004 for 32-bit Systems
* Windows Server, version 1909 (Server Core installation)
* Windows 10 Version 1909 for ARM64-based Systems
* Windows 10 Version 1909 for x64-based Systems
* Windows 10 Version 1909 for 32-bit Systems
* Windows Server 2019 (Server Core installation)
* Windows Server 2019
* Windows 10 Version 1809 for ARM64-based Systems
* Windows 10 Version 1809 for x64-based Systems
* Windows 10 Version 1809 for 32-bit Systems
* Windows 10 Version 1803 for ARM64-based Systems
* Windows 10 Version 1803 for x64-based Systems

CVE-­2021­-1732 Microsoft Windows10 本地提权漏 研究及Exploit开发:https://bbs.pediy.com/thread-266362.htm

exploit:https://github.com/KaLendsi/CVE-2021-1732-Exploit
    links
    file_download