|CVSS SCORE||2.1, (AV:L/AC:L/Au:N/C:P/I:N/A:N)|
The specific flaw exists within the handling of the NtUserDisableProcessWindowFiltering function. The issue lies in the failure to sanitize a stack variable before returning it to the user. An attacker can leverage this together with another vulnerability to achieve code execution at SYSTEM.
Microsoft has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||WanderingGlitch of the HPE Security Zero Day Initiative