# CVE-2023-21752
PoC for an arbitrary file delete vulnerability in the Windows Backup service.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21752

This repo contains two exploits:

- v1 - Just performs a file delete of the user's choice
- v2 - Tries to abuse the arbitrary delete to spawn an elevated cmd shell (not very stable; you will probably need to run it a couple of times, and it works better on a physical machine)

https://user-images.githubusercontent.com/44291883/211601142-c04534e5-f718-478d-b91a-65d6a4f06080.mp4

# Timeline
- 07/07/2022 - Vulnerability reported to MSRC
- 08/10/2022 - MSRC confirmed vulnerability
- 08/12/2022 - Bounty awarded
- 01/10/2023 - Patch released

```
[4.0K] /data/pocs/aa408a4cd2a7084f318391ccf1f7a938711f10f0
├── [ 664] README.md
├── [4.0K] v1
│   └── [4.0K] SDRsvcEop
│       ├── [5.5K] def.h
│       ├── [4.3K] FileOplock.cpp
│       ├── [ 986] FileOplock.h
│       ├── [8.9K] main.cpp
│       ├── [1.4K] SDRsvcEop.sln
│       ├── [7.2K] SDRsvcEop.vcxproj
│       ├── [1.3K] SDRsvcEop.vcxproj.filters
│       └── [ 168] SDRsvcEop.vcxproj.user
└── [4.0K] v2
    └── [4.0K] SDRsvcEop
        ├── [558K] cmd.rbs
        ├── [6.0K] def.h
        ├── [4.3K] FileOplock.cpp
        ├── [ 986] FileOplock.h
        ├── [ 14K] main.cpp
        ├── [184K] Msi_Rollback.msi
        ├── [ 514] resource.h
        ├── [1.6K] resource.rc
        ├── [1.4K] SDRsvcEop.sln
        ├── [7.3K] SDRsvcEop.vcxproj
        ├── [1.5K] SDRsvcEop.vcxproj.filters
        └── [ 168] SDRsvcEop.vcxproj.user

4 directories, 21 files
```