CVE-2015-1769 PoC — Microsoft Windows Mount Manager 特权提升漏洞

Source

https://github.com/int0/CVE-2015-1769

Associated Vulnerability

Title:Microsoft Windows Mount Manager 特权提升漏洞 (CVE-2015-1769)
Description:Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。Mount Manager是其中的一个挂载器组件。当Microsoft Windows Mount Manager组件未正确处理符号链接时存在特权提升漏洞。攻击者可通过将恶意USB设备插入目标系统利用该漏洞将恶意二进制文件写入磁盘并执行。以下版本受到影响：Microsoft Windows Vista SP2，Windows Server 2008 SP2和R2 SP1，Windows 7 SP1，Windows

Description

PoC for CVE-2015-1769

Readme

# CVE-2015-1769
PoC for CVE-2015-1769

VHD file to reproduce CVE-2015-1769. VHD doesn't contain actual payload only notepad.exe.

Upon mounting inspect system log for reported blocked error if latest patch is installed.

Batch script shows how symbolic link was created that triggers the vulnerability same mechanism can be used to modify HDD or USB drive.

![image2](https://github.com/int0/CVE-2015-1769/blob/main/CVE-2015-1769-MountMgr.JPG)

File Snapshot


 [4.0K]  /data/pocs/1bde247c8a52ed04d8d8542f447afbc83e90ef5e
├── [ 27K]  CVE-2015-1769-MountMgr.JPG
├── [334K]  CVE-2015-1769.zip
└── [ 444]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!