关联漏洞
标题:
Microsoft Streaming Service 安全漏洞
(CVE-2023-36802)
描述:Microsoft Streaming Service是美国微软(Microsoft)公司的一个视频平台。 Microsoft Streaming Service存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Win
描述
LPE exploit for CVE-2023-36802
介绍
# CVE-2023-36802 Local Privilege Escalation POC
authors: [chompie](https://twitter.com/chompie1337)
For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems.
Adapting the exploit to all vulnerable systems is left as an exercise to the reader. Git gud, etc.
Usage:
```
Windows_MSKSSRV_LPE_CVE-2023-6802.exe <pid>
```
where `<pid>` is the process ID (in decimal) of the process to elevate.
Should result in the target process being elevated to SYSTEM
The I/O Ring LPE primitive code is based on the I/ORing R/W [PoC](https://github.com/yardenshafir/IoRingReadWritePrimitive) by [Yarden Shafir](https://twitter.com/yarden_shafir)
Blog post [here](https://securityintelligence.com/posts/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/)
文件快照
[4.0K] /data/pocs/6645aeb5c0195a73467ba9a33b34c70e361c58d0
├── [ 807] README.md
├── [4.0K] Windows_MSKSSRV_LPE_CVE-2023-36802
│ ├── [ 11K] exploit.c
│ ├── [2.3K] ioring.h
│ ├── [7.6K] ioring_lpe.c
│ ├── [6.1K] windefs.h
│ ├── [6.7K] Windows_MSKSSRV_LPE_CVE-2023-36802.vcxproj
│ └── [1.3K] Windows_MSKSSRV_LPE_CVE-2023-36802.vcxproj.filters
└── [1.5K] Windows_MSKSSRV_LPE_CVE-2023-36802.sln
1 directory, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。