Home / exploitsPDF  

Print Spooler Remote DLL Injection

Posted on 25 May 2022

The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITYSYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running.