Main Vulnerability Database Vulnerabilities #VU131349

Permissions, Privileges, and Access Controls in Windows and Windows Server - #VU131349

Published: May 13, 2026

Vulnerability identifier: #VU131349

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in Windows CTFMON. A local unprivileged user can create an arbitrary memory section object in any directory object, writable by SYSTEM, and execute arbitrary code with SYSTEM privileges.

The vulnerability was dubbed GreenPlasma by its researcher.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://github.com/Nightmare-Eclipse/GreenPlasma

Permissions, Privileges, and Access Controls in Windows and Windows Server - #VU131349

Detailed vulnerability description

Remediation

Sources

Please verify you're human