[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-75959":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":16,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":16,"starSnapshotCount":16,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},75959,"MiniPlasma","Nightmare-Eclipse\u002FMiniPlasma","Nightmare-Eclipse","CVE-2020-17103 was apparently not patched, or the patch was reversed; regardless, this is the PoC for an LPE in cldflt.sys","",null,"C#",698,174,7,3,0,237,10.73,"MIT License",false,"main",true,[],"2026-06-12 02:03:38","# MiniPlasma\n\nAfter re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out cldflt!HsmOsBlockPlaceholderAccess is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago. I am not taking full credit for this: James Forshaw of Google Project Zero found the vulnerability and reported it to Microsoft, and it was supposedly fixed as [CVE-2020-17103](https:\u002F\u002Fmsrc.microsoft.com\u002Fupdate-guide\u002Fvulnerability\u002FCVE-2020-17103).\n\nHowever, a researcher who is a friend of mine pointed out that the routine might still have a vulnerability, which is something I had considered but brushed off because I thought it was impossible for Microsoft to simply not patch this, or to roll the patch back.\n\nAfter investigating, it turns out the exact same issue that [was reported to Microsoft by Google Project Zero](https:\u002F\u002Fproject-zero.issues.chromium.org\u002Fissues\u002F42451192) is still present and unpatched. I am unsure whether Microsoft never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes.\n\nTo highlight this issue, I weaponized the original PoC to spawn a SYSTEM shell. It works reliably on my machines, but the success rate may vary since the bug is a race condition.\n\nI believe all Windows versions are affected by this vulnerability.\n\n\u003Cimg width=\"1402\" height=\"818\" alt=\"poc\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fd94b77e5-fba5-47d8-8ae8-8cf5b3d5f686\" \u002F>\n","MiniPlasma is a tool that demonstrates a vulnerability in cldflt.sys on Windows, previously tracked as CVE-2020-17103. Its core function is to exploit a security flaw in the cldflt!HsmOsBlockPlaceholderAccess routine to achieve local privilege escalation (LPE), executing commands on the target system with SYSTEM privileges. Technically, it is written in C# and reproduces the security issue originally reported by the Google Project Zero team that was not fully fixed. The project is intended for security researchers, penetration testers and system administrators conducting vulnerability research or assessing the security of Windows systems.",2,"2026-05-19 02:30:19","CREATED_QUERY"]