Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-0213 PoC — Microsoft Windows COM 权限许可和访问控制问题漏洞

Source
https://github.com/Anonymous-Family/CVE-2017-0213
Associated Vulnerability
Title:Microsoft Windows COM 权限许可和访问控制问题漏洞 (CVE-2017-0213)
Description:Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。Windows COM Aggregate Marshaler是其中的一个组件。 Microsoft Windows中的Windows COM Aggregate Marshaler存在提权漏洞。本地攻击者可通过运行特制的应用程序利用该漏洞在应用程序上下文中执行任意任意代码。以下版本受到影响:Microsoft Windows Server 2008 SP2和R2 SP1;Windows 7 SP1;Windows
Description
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
Readme
# CVE-2017-0213: Windows COM Elevation of Privilege Vulnerability

## Description

**Author:** Google Security Research

**CVE:** 2017-0213

**EDB-ID:** 42020

**References:** [Project-Zero](https://bugs.chromium.org/p/project-zero/issues/detail?id=1107) [Microsoft](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213) [Exploit-Database](https://www.exploit-db.com/exploits/42020/)

**Video:** [Youtube](https://youtu.be/6W5RhEiOM-4)




## Affected Products

| Product             | Version | Update | Build | Tested |
| :------------------ | :------ | :----- | :---- | :----- |
| Windows 10          | 1511    |        | 10586 | √      |
| Windows 10          | 1607    |        | 14393 | √      |
| Windows 10          | 1703    |        | 15063 | √      |
| Windows 7           |         | SP1    |       | √      |
| Windows 8.1         |         |        |       |        |
| Windows RT 8.1      |         |        |       |        |
| Windows Server 2008 |         | SP2    |       |        |
| Windows Server 2008 | R2      | SP1    |       |        |
| Windows Server 2012 |         |        |       |        |
| Windows Server 2012 | R2      |        |       |        |
| Windows Server 2016 |         |        |       |        |
File Snapshot

 [4.0K]  /data/pocs/085a9ea5dbec8cebdfc3720ea392d17cccea7060
├── [ 81K]  CVE-2017-0213_x64.zip
├── [ 71K]  CVE-2017-0213_x86.zip
└── [1.2K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.