CVE-2026-42896
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
122
Heap-based Buffer Overflow
DraftCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Modify Memory
Other
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
190
Integer Overflow or Wraparound
StableCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Memory)
Dos: Instability
Modify Memory
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Alter Execution Logic
Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages:
C, Not Language-Specific
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42896