Microsoft Windows splWOW64 Privilege Escalation
https://packetstormsecurity.com/files/160698/GS20201223180955.tgz
https://packetstormsecurity.com/files/160698/GS20201223180955.tgzhttps://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.htmlWed, 23 Dec 2020 18:13:19 GMTCVE-2020-0986, which was exploited in the wild, was not fixed. The vulnerability still exists, just the exploitation method had to change. A low integrity process can send LPC messages to splwow64.exe (Medium integrity) and gain a write-what-where primitive in splwow64’s memory space. The attacker controls the destination, the contents that are copied, and the number of bytes copied through a memcpy call.