CVE-2020-9767 PoC — Zoom Sharing Service 代码问题漏洞

Source

https://github.com/shubham0d/Zoom-dll-hijacking

Associated Vulnerability

Title:Zoom Sharing Service 代码问题漏洞 (CVE-2020-9767)
Description:ZOOM Sharing Service是美国Zoom（ZOOM）公司的一个以本地 SYSTEM 用户身份运行的 Zoom 共享服务。 Zoom Sharing Service中存在代码问题漏洞。本地攻击者可利用该漏洞提升系统权限。

Description

A dll hijacking vulnerability in zoom meeting < 5.1.4. CVE-2020-9767

Readme

# Zoom-dll-hijacking
A dll hijacking vulnerability in zoom meeting &lt; 5.1.3 
<br />
### Affected Windows version
* Windows 7 or less
* Windows Server 2008
* Any other windows system that doesn't have `SHCore.dll` present.

### Usage
* Copy the `dbghelper.dll` and `SHCore.dll` to following location
  `C:\Users\$user\AppData\Roaming\Zoom\bin\`
* Start the zoom application or do any activity like turning on/off camera inside zoom meeting.

 **Note**: You can modify the code of SHCore.dll by opening `shcore dll.sln` project in Visual studio.
 <br/>
  <br/>
 **Reference**: 
 <br/>
 https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html <br/>
 https://www.programmersought.com/article/85545053408/

File Snapshot


 [4.0K]  /data/pocs/fefb5e9854f30c42237f92a77a034b320e799f89
├── [543K]  dbghelper.dll
├── [ 723]  README.md
├── [4.0K]  shcore dll
│   ├── [9.1K]  dllmain.cpp
│   ├── [ 149]  framework.h
│   ├── [ 186]  pch.cpp
│   ├── [ 563]  pch.h
│   ├── [8.2K]  shcore dll.vcxproj
│   ├── [1.2K]  shcore dll.vcxproj.filters
│   └── [ 165]  shcore dll.vcxproj.user
├── [1.4M]  SHCore.dll
└── [1.4K]  shcore dll.sln

1 directory, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!