Attacker Value
Very Low
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Windows kernel NtUserScrollDC memory corruption

Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The attached testcases crashes Windows 7 x86 with Special Pool enabled on win32k. The crash occurs while accessing unmapped memory. The bogus address is returned by a call to FastWindowFromDC. This is likely to be a freed window object.

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    High
Technical Analysis

UAF, probably fixed in next major version.

General Information

Additional Info

Technical Analysis