CVE-2019-1215 PoC — Microsoft Windows and Microsoft Windows Server Security Vulnerability

Source
Associated Vulnerability
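Title: Microsoft Windows and Microsoft Windows Server Security Vulnerability (CVE-2019-1215)
Description: Microsoft Windows and Microsoft Windows Server are both products of Microsoft, a US company. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation-of-privilege vulnerability exists in the way ws2ifsl.sys (Winsock) in Microsoft Windows and Microsoft Windows Server handles objects in memory. An attacker could exploit this vulnerability with a specially crafted application to execute code with elevated privileges. The following products and versions are affected: Mi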
Readme
# CVE-2019-1215 ws2ifsl.sys UAF exploit for Windows 10 19H1 x64
This exploit uses the recently patched use after free vulnerability CVE-2019-1215 in ws2ifsl.sys to achieve local privilege escalation. The exploit targets Windows 10 19H1 (1901) x64 and demonstrates how to bypass kASLR, kCFG and SMEP. When executing the exploit with medium integrity privileges, successful exploitation spawns a new cmd.exe with system privileges.

The full bug analysis and exploitation details can be found at https://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/
File Snapshot

[4.0K] /data/pocs/363f29a17310b416d0344f706a6f2e83b83736bd
├── [4.0K] CVE-2019-1215-ws2ifsl
│   ├── [6.1K] CVE-2019-1215-ws2ifsl.vcxproj
│   ├── [ 963] CVE-2019-1215-ws2ifsl.vcxproj.filters
│   ├── [ 168] CVE-2019-1215-ws2ifsl.vcxproj.user
│   └── [ 18K] exploit.cpp
├── [1.1K] CVE-2019-1215-ws2ifsl.sln
└── [ 603] README.md

1 directory, 6 files