Security experts from Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows.
Four vulnerabilities are classified as high-risk severity, three of them are zero-day vulnerabilities tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915. The flaws could allow an attacker to escalate privileges on the affected system, they received a CVSS score of 7.0.
The vulnerabilities affect in the user-mode printer driver host process splwow64.exe, and is caused by the lack of validation for user-supplied input being dereferenced as a pointer.