CVE-2020-17057 Microsoft Windows DirectComposition Uninitialized Pointer Privilege Escalation Vulnerability Abstract Background CVE-2020-17057 Analysis Crash detail Vulnerability detail Exploit How I convert arbitrary address minus one to arbitrary resource object release How I get a palette with dangling data pointer Conclusion CVE-2020-17057 Microsoft Windows DirectComposition Uninitialized Pointer Privilege Escalation Vulnerability Author: B1aN of 360 Vulcan Team Abstract Microsoft has patched a vulnerability I found almost two years ago. The official introduction can be found in MSRC Acknowledgements. It’s a very excellent vulnerability. In this blog post, I will publish the detail of this vulnerability and how I use this vulnerability to get a palette which can read write memory. Back...