CVE-2024-38063 PoC — Microsoft Windows TCP/IP component numeric error vulnerability

Associated Vulnerability
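Title: Microsoft Windows TCP/IP component numeric error vulnerability (CVE-2024-38063)
Description: Microsoft Windows TCP/IP is the TCP/IP support service for Windows from Microsoft, a US company. The Microsoft Windows TCP/IP component contains a numeric error vulnerability. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 f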
Description
Note: I am not responsible for any bad act. This is written by Chirag Artani to demonstrate the vulnerability.
Readme
Please note: Some intellectuals think this is the real bug and exploit (you can understand how much intellect they have) but the script clearly says at the header - 'IPv6 Vulnerability Simulation Script'. Please remember this only gives an idea about how it can cause a crash (in simple words) and lead to RCE.


This should be on to perform the proof of concept, and you also need flask in order to test/verify the bug.

### Integer Overflow
In the ```process_packet``` function, the vulnerability occurs when calculating the ```total_length```:

```
total_length = packet.main_header_length
for header_length in packet.extension_headers:
    total_length += header_length
```
    
If the sum of these lengths becomes larger than the maximum value an integer can hold (2^31 - 1 for a 32-bit signed integer), it will wrap around to a negative number. This is the integer overflow.

### Buffer Overflow
The integer overflow leads to a buffer overflow in this line:
```
for i in range(total_length):
    buffer[i] = 0xFF  # Potential out-of-bounds write
```
If ```total_length``` becomes negative due to integer overflow, it will be interpreted as a very large positive number by ```range()```. This causes the loop to write far beyond the end of the ```buffer```, which only has 64 bytes allocated.
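
The arithmetic described above, as an added example in C (not the repository's script and not Windows code): Python integers do not wrap, so fixed-width C types are used to show the 32-bit wrap, how a negative length becomes a huge size, and a checked summation that rejects the packet instead. The `struct packet` layout, the function names and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BUF_SIZE 64 /* the README's 64-byte buffer */

/* Hypothetical packet layout; field names follow the README's snippet. */
struct packet {
    int32_t main_header_length;
    const int32_t *extension_headers;
    size_t n_ext;
};

/* Unchecked 32-bit sum. Accumulated in uint32_t so the wrap is well defined,
 * then viewed as signed (two's complement on mainstream compilers). */
int32_t total_length_unchecked(const struct packet *p) {
    uint32_t total = (uint32_t)p->main_header_length;
    for (size_t i = 0; i < p->n_ext; i++)
        total += (uint32_t)p->extension_headers[i];
    return (int32_t)total;
}

/* Checked sum: each field must be non-negative and the running total may
 * never exceed cap. Returns 0 and stores the total, or -1 to reject. */
int total_length_checked(const struct packet *p, size_t cap, size_t *out) {
    int32_t m = p->main_header_length;
    if (m < 0 || (size_t)m > cap) return -1;
    size_t total = (size_t)m;
    for (size_t i = 0; i < p->n_ext; i++) {
        int32_t h = p->extension_headers[i];
        if (h < 0 || (size_t)h > cap - total) return -1; /* total <= cap here */
        total += (size_t)h;
    }
    *out = total;
    return 0;
}

/* Fill only after validation; returns bytes written, or -1 if rejected. */
int fill_buffer(const struct packet *p, uint8_t buf[BUF_SIZE]) {
    size_t n;
    if (total_length_checked(p, BUF_SIZE, &n) != 0) return -1;
    memset(buf, 0xFF, n);
    return (int)n;
}

int main(void) {
    static const int32_t ext[] = {INT32_MAX}; /* constructed sample input */
    struct packet p = {40, ext, 1};
    uint8_t buf[BUF_SIZE] = {0};
    return fill_buffer(&p, buf) == -1 ? 0 : 1; /* 0: oversized sum rejected */
}
```

Comparing each field against the remaining capacity (`cap - total`) keeps the check itself free of overflow, which a test on the finished sum cannot guarantee.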

### Real-World Implications
In a real system, this could lead to:

1. Overwriting adjacent memory
2. Crashing the application
3. Potential arbitrary code execution if an attacker can control the overwritten memory

This is written by Chirag Artani and if you have bad intentions, you are responsible for any bad/malicious activity.

Enable it => Most probably this is enabled by default.

![Screenshot_1](https://github.com/user-attachments/assets/01d8da94-6dbc-49eb-86b0-6c52d97f5073)

<mark>Check the ```CVE-2024-38063-poc.py``` for more; everything will be performed using Flask in Python: crashing the IPv6, overflowing it, passing commands and getting things executed.</mark>

Thank You!
- Chirag Artani
File Snapshot

```
[4.0K] /data/pocs/848f914a1c68c66a15789ee65b1a9cb2de22bab6
├── [3.3K] CVE-2024-38063-poc.py
├── [1.9K] README.md
└── [153K] Screenshot_1.png

0 directories, 3 files
```