CVE-2007-0843 PoC — Microsoft Windows 权限许可和访问控制问题漏洞

Source

Associated Vulnerability

Title:Microsoft Windows 权限许可和访问控制问题漏洞 (CVE-2007-0843)
Description:Microsoft Windows是美国微软（Microsoft）公司的一套个人设备使用的操作系统。 Microsoft Windows 2000，XP，Server 2003和Vista上的ReadDirectoryChangesW API函数存在权限许可和访问控制问题漏洞，该漏洞源于没有检验子对象的授权，这使得本地用户可以通过打开一个含有LIST(READ)访问的目录并使用ReadDirectoryChangesW来监控非LIST授权文件的更改，从而绕过授权。攻击者可以通过它获取文件名、访问时间和其他

Description

Spydir is a small utility to monitor file changes in Windows directory regardless of subdirectory and files permissions (exploits CVE-2007-0843)

File Snapshot


 [4.0K]  /data/pocs/695d1b8f42bb242fc7ef20607171fed92c634974
├── [ 352]  README
├── [2.4K]  spydir.c
└── [ 13K]  spydir.exe

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!