CVE-2021-1648

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Microsoft Windows splwow64 (affected versions not specified)

Description The vulnerability in the Microsoft Windows splwow64 process is related to errors in handling calls. Exploitation of the vulnerability may allow an attacker to elevate their privileges. It is also associated with out-of-bounds read and write issues, as well as untrusted pointer dereference, which can lead to information disclosure and privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-264

Related Identifiers

BDU:2021-00248

CVE-2021-1648

ZDI-20-1432

ZDI-20-1433

ZDI-20-1434

ZDI-21-020

ZDI-21-022

ZDI-21-024

ZDI-21-078

ZDI-21-504

Affected Products

Windows

CVE-2021-1648

Weakness Enumeration

Related Identifiers

Affected Products

References · 22