The 2021 Pwnie Nominee For Best Privilege Escalation Bug

CVE-2021-1648

Researcher Name: k0shl

Link:

CVE: CVE-2021-1648

CVE-2021-1648 includes three vulnerabilities, an arbitrary address read information disclosure, an arbitrary heap base address read information disclosure, and an arbitrary heap base address write escalation of privilege. All of them exist in ALPC service and can easily lead to escape from IE sandbox. An exciting part of this CVE is that the issue service is a special service. This service runs on an x86-64 Windows system but is compatible with x86 os.