MSRPC SPOOLSS Buffer Overflow exploit

This module exploits a heap-based buffer overflow in the function _AddPrinterW in WIN32SPL.DLL (a component of the printer spooler service), which is reached through a remote AddPrinter request. Before triggering the overflow, the module uses a memory leak and some other primitives to manipulate the heap into a known state. The agent code is then written to a well-known location, and a function pointer is changed to divert the execution flow to that location.