
CVE-2019-1253 PoC — Microsoft Windows and Microsoft Windows Server Link Following Vulnerability

Source
Associated Vulnerability
Title: Microsoft Windows and Microsoft Windows Server Link Following Vulnerability (CVE-2019-1253)
Description: Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (United States). Microsoft Windows is an operating system for personal devices; Microsoft Windows Server is a server operating system. A security vulnerability exists in Microsoft Windows and Microsoft Windows Server. An attacker who has already obtained code execution on a user's system can exploit it by running a specially crafted application to elevate privileges. The following products and versions are affected: Microsoft Windows 10 version 1
Description
AppXSvc Arbitrary File Security Descriptor Overwrite EoP
Readme
# CVE-2019-1253
## AppXSvc Arbitrary File Security Descriptor Overwrite EoP

I have independently reported this vulnerability to MSRC; however, my submission turned out to be a duplicate, because the fix for [CVE-2019-1253](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1253) also addressed this issue. My PoC differs from the ones created by [Chris Danieli](https://github.com/padovah4ck/CVE-2019-1253) or [Nabeel Ahmed](https://github.com/rogue-kdc/CVE-2019-1253) because this exploit gives 'Full Control' over the target file. My research was inspired by [CVE-2019-0841](https://github.com/rogue-kdc/CVE-2019-0841), originally reported by [Nabeel Ahmed](https://twitter.com/rogue_kdc).

![Video PoC](https://github.com/sgabe/CVE-2019-1253/blob/master/AppXSvcEoP.gif)
File Snapshot

[4.0K] /data/pocs/6b503669923832f6dff49eb677fa0d014d38bf68
├── [4.0K] AppXSvcEoP
│   ├── [5.6K] AppXSvcEoP.cpp
│   ├── [8.5K] AppXSvcEoP.vcxproj
│   ├── [1.4K] AppXSvcEoP.vcxproj.filters
│   ├── [ 384] AppXSvcEoP.vcxproj.user
│   ├── [2.3K] base64.cpp
│   ├── [ 374] base64.h
│   ├── [3.5K] CommonUtils.cpp
│   ├── [ 658] CommonUtils.h
│   ├── [2.2K] ntimports.h
│   ├── [ 289] stdafx.cpp
│   ├── [ 298] stdafx.h
│   ├── [ 306] targetver.h
│   └── [1.3K] typed_buffer.h
├── [319K] AppXSvcEoP.gif
├── [ 57K] AppXSvcEoP.png
├── [1.3K] AppXSvcEoP.sln
└── [ 811] README.md

1 directory, 17 files