CVE-2020-9331

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space.
References
Link Resource
https://www.youtube.com/watch?v=b5vPDmMtzwQ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cryptopro:csp:*:*:*:*:*:*:x86:*

History

No history.

Information

Published : 2020-10-23 05:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-9331

Mitre link : CVE-2020-9331

CVE.ORG link : CVE-2020-9331


JSON object : View

Products Affected

cryptopro

  • csp