CVE-2023-36804

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the Windows GDI component, specifically affecting the win32kfull driver. This vulnerability can be exploited to elevate privileges. The vulnerability is associated with the improper use of memory after it has been freed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2023-05732

CVE-2023-36804

ZDI-23-1406

ZDI-23-1407

ZDI-23-1408

ZDI-23-1409

ZDI-23-1410

ZDI-23-1534

ZDI-23-1535

ZDI-23-1587

ZDI-23-1642

ZDI-23-1643

ZDI-23-1644

ZDI-23-1645

ZDI-23-1792

Affected Products

Windows

CVE-2023-36804

Weakness Enumeration

Related Identifiers

Affected Products

References · 23