CVE-2023-50226 PoC — Parallels Desktop 安全漏洞

Source

https://github.com/kn32/parallels-file-move-privesc

Associated Vulnerability

Title:Parallels Desktop 安全漏洞 (CVE-2023-50226)
Description:Corel Parallels Desktop是加拿大科亿尔数码科技（Corel）公司的一套适用于macOS平台的虚拟机软件。 Parallels Desktop 存在安全漏洞，该漏洞源于更新程序服务中存在特定缺陷，通过创建符号链接可以滥用该服务来移动任意文件，攻击者利用该漏洞可以提升权限并执行任意代码。

Description

Parallels Desktop privilege escalation - CVE-2023-50226 / ZDI-CAN-21227

Readme

# parallels-file-move-privesc

This repository contains an exploit for CVE-2023-50226 / ZDI-CAN-21227, which can be used to escalate privileges to root using Parallels Desktop on versions before 18.3.2.

![Proof of concept output](./poc.png)

File Snapshot


 [4.0K]  /data/pocs/ecc618b59f4f9cfb9f07854aa30c81b23e46b962
├── [158K]  poc.png
├── [1.6K]  poc.sh
└── [ 242]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!