CVE-2015-1701 PoC: Microsoft Windows Win32k Elevation of Privilege Vulnerability

Source
Associated Vulnerability
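Title: Microsoft Windows Win32k Elevation of Privilege Vulnerability (CVE-2015-1701)
Description: Microsoft Windows is a series of operating systems released by Microsoft. An elevation of privilege vulnerability exists when the Microsoft Windows Win32k.sys kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The following systems are affected: Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2.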
Description
Win32k LPE vulnerability used in APT attack
Readme
# CVE-2015-1701
## Win32k Elevation of Privilege Vulnerability.

Original info https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html

# Protection

Apply the MS15-051 update to fix this vulnerability.
https://technet.microsoft.com/library/security/MS15-051


# Authors

(c) 2015 CVE-2015-1701 Project

# Credits

R136a1
File Snapshot

[4.0K]  /data/pocs/aa64f60e32b5bcfb72e84ce7079f25018c14f0ad
├── [4.0K]  Compiled
│   ├── [5.5K]  Taihou32.exe
│   └── [6.0K]  Taihou64.exe
├── [1.0K]  CVE-2015-1701.sha256
├── [1.3K]  LICENSE.md
├── [ 314]  README.md
└── [4.0K]  Source
    ├── [4.0K]  Taihou
    │   ├── [9.8K]  main.c
    │   ├── [4.0K]  minirtl
    │   │   ├── [3.8K]  minirtl.h
    │   │   ├── [ 781]  rtltypes.h
    │   │   ├── [ 459]  _strcat.c
    │   │   └── [ 496]  _strcpy.c
    │   ├── [102K]  ntos.h
    │   ├── [8.5K]  Taihou.vcxproj
    │   └── [1.4K]  Taihou.vcxproj.filters
    └── [1.3K]  Taihou.sln

4 directories, 14 files