CVE-2022-21882 PoC — Microsoft Win32k 缓冲区错误漏洞

Source

https://github.com/David-Honisch/CVE-2022-21882

Associated Vulnerability

Title:Microsoft Win32k 缓冲区错误漏洞 (CVE-2022-21882)
Description:Microsoft Win32k是美国微软（Microsoft）公司的一个用于Windows多用户管理的系统文件。 Microsoft Win32K 存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 1909 for ARM64-based Systems,Win

Description

CVE-2022-21882

Readme

# CVE-2022-21882
win32k LPE bypass CVE-2021-1732

## Test
- only tested on  windows 20h2 19042.1415 
- tested on windows 21H1 (not working)

## Download
https://raw.githubusercontent.com/David-Honisch/CVE-2022-21882/main/x64/Release/CVE-2021-1732.exe

## Many thanks to Kalendski.

Based on:
https://twitter.com/kalendsi/status/1483770845138804738

![image]( CVE-2022-21882.gif)

File Snapshot


 [4.0K]  /data/pocs/073031c8cf4ddee9cd73c0e39c1162a593961a9b
├── [ 16K]  CVE-2022-21882.cpp
├── [8.0K]  CVE-2022-21882.vcxproj
├── [1.3K]  CVE-2022-21882.vcxproj.filters
├── [ 165]  CVE-2022-21882.vcxproj.user
├── [1.4K]  ExploitTest.sln
├── [ 162]  ExploitTest.vcxproj.user
├── [ 379]  README.md
├── [ 162]  shellcode.asm
├── [ 209]  stdafx.cpp
├── [ 219]  stdafx.h
├── [ 228]  targetver.h
└── [4.0K]  x64
    └── [4.0K]  Release
        └── [ 18K]  CVE-2021-1732.exe

2 directories, 12 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!