CVE-2020-17382

HIGH

MSI AmbientLink MsIo64 driver 1.0.0.8 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-17382. PoCs published by Matteo Malvica, uf0o, typeconfused.

AI-analyzed exploit summary: This exploit demonstrates a local privilege escalation vulnerability in MSI Ambient Link Driver 1.0.0.8 by leveraging a kernel stack-based buffer overflow to execute arbitrary shellcode, ultimately stealing a SYSTEM token for privilege escalation.

Description

The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050, and 0x80102054).

Exploits (3)

exploitdb WORKING POC
by Matteo Malvica · c · local · windows
https://www.exploit-db.com/exploits/48836

This exploit demonstrates a local privilege escalation vulnerability in MSI Ambient Link Driver 1.0.0.8 by leveraging a kernel stack-based buffer overflow to execute arbitrary shellcode, ultimately stealing a SYSTEM token for privilege escalation.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: MSI Ambient Link Driver 1.0.0.8
No auth needed
Prerequisites: Windows 10 1709 · MSI Ambient Link Driver 1.0.0.8 installed
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 115 stars
by uf0o · poc
https://github.com/uf0o/CVE-2020-17382

This repository contains functional privilege escalation exploits for CVE-2020-17382, targeting Windows 10 1709 and Windows 7 x64 SP1. The exploits leverage a kernel stack-based buffer overflow in the MSI Ambient Link driver to achieve local privilege escalation via token stealing.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: MSI Ambient Link Driver (MsIo.sys) on Windows 10 1709 and Windows 7 x64 SP1
No auth needed
Prerequisites: Vulnerable MSI Ambient Link driver installed · Local access to the target system
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by typeconfused · poc
https://github.com/typeconfused/CVE-2020-17382

This is a functional exploit for CVE-2020-17382, a Windows kernel vulnerability in the MsIo driver. It leverages a type confusion bug to achieve local privilege escalation (LPE) via a crafted IOCTL call, executing a token-stealing shellcode payload to obtain SYSTEM privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows 10 x64 2004 Build 19041.264 (MsIo driver)
No auth needed
Prerequisites: Access to a vulnerable Windows 10 system with the MsIo driver loaded · Non-KVA Shadow and non-VBS environment
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.1282
EPSS Percentile 94.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-787
Status published
Products (1)
msi/ambientlink_mslo64_firmware 1.0.0.8
Published Oct 02, 2020
Tracked Since Feb 18, 2026