Vulnerability: Microsoft Windows win32kfull MulGradientFill Untrusted Pointer Dereference Privilege Escalation Vulnerability

Vulnerability ID:
- ZDI-21-403
- ZDI-CAN-12568

CVE ID: CVE-2021-27077

CVSS Score: 7.8, AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Vendor: Microsoft

Affected Products: Windows

Vulnerability Details:
- Allows local attackers to escalate privileges on affected installations of Microsoft Windows.
- Results from improper validation of a user-supplied value in the win32kfull.sys driver.
- Attackers can execute arbitrary code in the context of SYSTEM.

Additional Details:
- Microsoft has issued an update to correct this vulnerability. More details are available at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077

Disclosure Timeline:
- 2020-12-23: Vulnerability reported to vendor
- 2021-04-12: Coordinated public release of advisory

Credit: Marcin Wiazowski