CVE-2020-17057

HIGH

Windows Win32k - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-17057. PoCs published by lsw29475, fengjixuchui.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2020-17057, targeting a use-after-free vulnerability in the Windows DirectComposition API. The code demonstrates memory manipulation techniques to achieve pool feng shui and trigger the vulnerability, though it notes limitations in achieving arbitrary read/write primitives due to type isolation.

Description

Windows Win32k Elevation of Privilege Vulnerability

Exploits (2)

nomisec WORKING POC 2 stars

by lsw29475 · poc

https://github.com/lsw29475/CVE-2020-17057

View Code ZIP pw:eip

This is a proof-of-concept exploit for CVE-2020-17057, targeting a use-after-free vulnerability in the Windows DirectComposition API. The code demonstrates memory manipulation techniques to achieve pool feng shui and trigger the vulnerability, though it notes limitations in achieving arbitrary read/write primitives due to type isolation.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Complex

Reliability

Theoretical

Target: Windows 10 (1909) x64

No auth needed

Prerequisites: Windows 10 (1909) x64 environment · DirectComposition API access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by fengjixuchui · poc

https://github.com/fengjixuchui/cve-2020-17057

View Code ZIP pw:eip

This PoC exploits CVE-2020-17057, a vulnerability in Windows DComposition, by manipulating channel batch buffers to trigger a use-after-free condition. The code demonstrates the vulnerability by creating resources and setting buffer properties in a loop to attempt exploitation.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Windows (DComposition)

No auth needed

Prerequisites: Windows system with vulnerable DComposition implementation

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17057

Scores

CVSS v3 7.0

EPSS 0.1065

EPSS Percentile 93.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (13)

microsoft/windows_10 20h2

microsoft/windows_10 1607

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_10 1909

microsoft/windows_10 2004

microsoft/windows_server_2016

microsoft/windows_server_2016 20h2

microsoft/windows_server_2016 1903

... and 3 more

Published Nov 11, 2020

Tracked Since Feb 18, 2026