CVE-2018-1000117 PoC — Python Software Foundation CPython on Windows 缓冲区错误漏洞

Source

https://github.com/u0pattern/CVE-2018-1000117-Exploit

Associated Vulnerability

Title:Python Software Foundation CPython on Windows 缓冲区错误漏洞 (CVE-2018-1000117)
Description:Python Software Foundation CPython on Windows是Python软件基金会的一套基于Windows平台的、开源的、面向对象的程序设计语言，该语言具有可扩展、支持模块和包、支持多种平台等特点。CPython（又名Python）是一款用C语言实现的Python解释器。基于Windows平台的Python Software Foundation CPython 3.2版本至3.6.4版本中的‘os.symlink()’函数存在缓冲区溢出漏洞。攻击者可利用该漏洞执行任意代

Description

Buffer Overflow Vulnerability that can result ACE

Readme

## CVE-2018-1000117
-----------

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

-----------
## Vulnerable Versions

    Python 2.7
    Python 3.4
    Python 3.5
    Python 3.6

------------
## Credits
* Alexey Izbyshev (Reporter) - ![GitHub](https://assets-cdn.github.com/favicon.ico) [Alexey Izbyshev](https://github.com/izbyshev)
* 1337r00t (Exploiter) - ![Twitter](https://abs.twimg.com/favicons/favicon.ico) [1337r00t](https://twitter.com/_1337r00t)

File Snapshot


 [4.0K]  /data/pocs/941e76e5b2774d3ebca2e0a1f72961bd6919538f
├── [ 999]  p0c.py
└── [ 830]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!