Buffer overflow in Windows and Windows Server - CVE-2021-33771

 

Buffer overflow in Windows and Windows Server - CVE-2021-33771

Published: July 13, 2021


Vulnerability identifier: #VU54720
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2021-33771
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Microsoft
Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.


How to mitigate CVE-2021-33771

Install updates from vendor's website.

Sources