关联漏洞
标题:
Microsoft Windows AppContainer 安全特征问题特征问题漏洞
(CVE-2021-41338)
描述:Microsoft Windows AppContainer是美国微软(Microsoft)公司的一种沙盒机制,用于控制 UWP 应用可以访问或不访问哪些资源。 Microsoft Windows AppContainer存在安全特征问题漏洞。以下产品和版本受到影响:Windows 10 Version 1909 for ARM64-based Systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for
描述
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability CVE-2021-41338 Security Vulnerability Released: Oct 12, 2021 Assigning CNA: Microsoft MITRE CVE-2021-41338 CVSS:3.1 5.5 / 5.0 Attack Vector Local Attack Complexity Low Privileges Required Low User Interaction None Scope Unchanged Confidentiality High Integrity None Availability None Exploit Code Maturity Proof-of-Concept Remediation Level Official Fix Report Confidence Confirmed Please see Common Vulnerability Scoring System for more information on the definition of these metrics. Exploitability The following table provides an exploitability assessment for this vulnerability at the time of original publication. Yes No Exploitation Less Likely
介绍
# firewall-cve
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability CVE-2021-41338 Security Vulnerability Released: Oct 12, 2021 Assigning CNA: Microsoft MITRE CVE-2021-41338 CVSS:3.1 5.5 / 5.0 Attack Vector Local Attack Complexity Low Privileges Required Low User Interaction None Scope Unchanged Confidentiality High Integrity None Availability None Exploit Code Maturity Proof-of-Concept Remediation Level Official Fix Report Confidence Confirmed Please see Common Vulnerability Scoring System for more information on the definition of these metrics. Exploitability The following table provides an exploitability assessment for this vulnerability at the time of original publication. Yes No Exploitation Less Likely
文件快照
[4.0K] /data/pocs/df4a7ed3a97339530a45a4e6cab67d108e8b8f47
├── [1.5K] Build test
├── [ 16K] Cert.manger
├── [ 11K] LICENSE
├── [ 36K] Microsoft bypass
├── [ 73K] Multiple platforms
├── [ 25K] My pc
├── [1.4K] Print
├── [ 743] README.md
├── [1.0K] Remote bypass
└── [ 619] SECURITY.md
0 directories, 10 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。