Full title: Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
Category: local exploits
Platform: windows

A kernel pool overflow in Win32k (the Windows GUI subsystem driver, reached here through NtUserMessageCall) that allows local privilege escalation. Instead of stealing a SYSTEM token, the kernel shellcode nulls the ACL of the winlogon.exe process, which runs as SYSTEM. With no ACL enforced, any unprivileged process can open winlogon.exe with full access and migrate into it, gaining SYSTEM privileges. The bug was used by MWR Labs at Pwn2Own 2013 to break out of Chrome's sandbox after a renderer compromise; Microsoft fixed it in MS13-053 (CVE-2013-1300).

NOTE: when you exit the meterpreter session, winlogon.exe is likely to crash. winlogon.exe is a critical system process, so a crash there normally bugchecks the machine; do not run this against a host you cannot afford to reboot.

# 0day.today @ http://0day.today/
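The condition the shellcode leaves behind, winlogon.exe openable with full access by a standard user, is also the simplest thing to check for after the fact. The script below is an added example written for this page, not code from the exploit module or from MWR: it P/Invokes OpenProcess with PROCESS_ALL_ACCESS (0x1FFFFF, the Vista-and-later mask) against every winlogon.exe and reports the result. From a standard-user token the expected outcome is ERROR_ACCESS_DENIED (5); a successful open from such a token means the process's security has been stripped. The function and output field names are this example's own choices.

```powershell
# Added check, not part of the original listing. Run from a standard-user
# PowerShell prompt; an elevated prompt is expected to succeed and proves nothing.
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class NativeProc {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@
Add-Type -TypeDefinition $sig -ErrorAction Stop

$PROCESS_ALL_ACCESS = 0x1FFFFF   # STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF (Vista+)

function Test-WinlogonAccess {
    # Note whether we are elevated: an administrator can open winlogon.exe
    # legitimately, so only a standard-user result says anything about the ACL.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if ($isAdmin) {
        Write-Warning "Running elevated; repeat this from a standard-user shell for a meaningful result."
    }

    foreach ($p in Get-Process -Name winlogon -ErrorAction SilentlyContinue) {
        $h   = [NativeProc]::OpenProcess($PROCESS_ALL_ACCESS, $false, [uint32]$p.Id)
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()

        if ($h -ne [IntPtr]::Zero) {
            [void][NativeProc]::CloseHandle($h)
            $opened  = $true
            $err     = 0
            $verdict = if ($isAdmin) { 'expected (elevated caller)' }
                       else { 'SUSPICIOUS: standard user holds full access to winlogon.exe' }
        } else {
            $opened  = $false
            # 5 = ERROR_ACCESS_DENIED, the normal answer for a standard user.
            $verdict = if ($err -eq 5) { 'expected (access denied)' } else { "open failed with Win32 error $err" }
        }

        [pscustomobject]@{
            Pid        = $p.Id
            SessionId  = $p.SessionId
            FullAccess = $opened
            Win32Error = $err
            Verdict    = $verdict
        }
    }
}

Test-WinlogonAccess | Format-Table -AutoSize
```

This is a state check, not a detection of the overflow itself: it only tells you whether winlogon.exe is currently openable by the caller. Run it from the same low-privilege context the exploit would start in (for the Pwn2Own case, a sandboxed or standard-user process), and treat any successful open from a non-administrator as a sign the process object's security has been tampered with.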