CVE-2023-21554 PoC — Microsoft Message Queuing 安全漏洞

Source

https://github.com/zoemurmure/CVE-2023-21554-PoC

Associated Vulnerability

Title:Microsoft Message Queuing 安全漏洞 (CVE-2023-21554)
Description:Microsoft Message Queuing是用于实现需要高性能的异步和同步场景的解决方案。 Microsoft Message Queuing存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Wind

Description

CVE-2023-21554 Windows MessageQueuing PoC，分析见 https://www.zoemurmure.top/posts/cve_2023_21554/

Readme

# CVE-2023-21554-PoC

CVE-2023-21554 Windows MessageQueuing PoC，分析见 https://www.zoemurmure.top/posts/cve_2023_21554/

poc 文件执行前需要自行修改目标机器 IP 地址

poc 成功的标志是 mqsvc.exe 进程的崩溃，并没有弹窗信息，需要在类似进程监控器的程序里看到

![](https://www.zoemurmure.top/img/2023-05-16-17-00-24.png)

File Snapshot


 [4.0K]  /data/pocs/602f692b59cde133e90373e13633a473138e02c1
├── [4.0K]  data
│   ├── [  32]  connection_parameters.bin
│   ├── [ 572]  establish_connection.bin
│   ├── [  36]  session_acknowledgment.bin
│   └── [ 256]  user_message.bin
├── [1.3K]  poc.py
└── [ 372]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!