Main Vulnerability Database SB2026051378

SB2026051378 - Privilege escalation in Microsoft Windows CTFMON

Published: May 13, 2026

Security Bulletin ID SB2026051378

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: N/A)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in Windows CTFMON. A local unprivileged user can create an arbitrary memory section object in any directory object, writable by SYSTEM, and execute arbitrary code with SYSTEM privileges.

The vulnerability was dubbed GreenPlasma by its researcher.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://github.com/Nightmare-Eclipse/GreenPlasma