Show filters

Showing topic results for "CVE-2020-17087":

(1-1 of 1)

Sort by:
Attacker Value
High

CVE-2020-17087 Windows Kernel local privilege escalation 0day

Disclosure Date: November 11, 2020 (last updated November 17, 2020)
CVE-2020-17087 is a pool-based buffer overflow vulnerability in the Windows Kernel Cryptography Driver (cng.sys). The vulnerability arises from input/output controller (IOCTL) 0x390400 processing and could allow a local attacker to escalate privileges, including for sandbox escape. The vulnerability was initially released as a zero-day by Google's Project Zero team; it was patched on November 10, 2020, as part of Microsoft's November 2020 Patch Tuesday release.