Antctf-real_vmpwn writeup
The topic introduced the cve-2020-3947 UAF vulnerability and the silently fixed variable uninitialized vulnerability in the old version through the magical modification of the vmware dhcp component.
This combination of vulnerabilities can cause real escape in lower versions (<15.1.2), so the vulnerability is named real_vmpwn
Source link:https://drive.google.com/file/d/1Ntk-vB5nzJ0S3qCPT-EOxL_ZiP2g3ChG/view