A Look at CVE-2020-17087

Or how I failed at exploitation but mitigated it instead… On Thursday, October 22, 2020, an interesting issue was posted on bugs.chromium.org titled “Issue 2104: Windows Kernel cng.sys pool-based buffer overflow”. There was an issue in CNG.sys, the Windows driver for Cryptography API: Next Generation, where IOCTL 0x390400 led to a function that was vulnerable […]