Related vulnerability
Title:
Microsoft XAML Diagnostics Security Vulnerability
(CVE-2023-36003)
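Description: Microsoft XAML Diagnostics is a set of tools from Microsoft (USA) that helps developers analyze and debug the user interface of XAML-based applications. Microsoft XAML Diagnostics contains a security vulnerability. An attacker can exploit this vulnerability to elevate privileges. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809
Description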
Privilege escalation using the XAML diagnostics API (CVE-2023-36003)
Introduction
# Privilege escalation using the XAML diagnostics API (CVE-2023-36003)
This is a POC (Proof of Concept) of a privilege escalation vulnerability using
the XAML diagnostics API. The vulnerability was patched in December's Patch
Tuesday, and the CVE assigned to it is
[CVE-2023-36003](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36003).
## Usage
The POC is a C++ project that can be compiled using Visual Studio. After
compiling, the POC can be run without arguments to look for an inaccessible
process and then run the exploit against it. Alternatively, a process ID can be
passed as an argument, and the exploit will be run against that process.
## Vulnerability details
More details about the vulnerability can be found in the following blog post:
[Privilege escalation using the XAML diagnostics API
(CVE-2023-36003)](https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/)
File snapshot
[4.0K] /data/pocs/f30ee6faf3f84fa0244d49e0e4c3a3f886403221
├── [4.0K] pe-poc
│ ├── [7.1K] pe-poc.vcxproj
│ ├── [ 955] pe-poc.vcxproj.filters
│ └── [2.2K] poc.cpp
├── [4.0K] pe-poc-dll
│ ├── [ 96] exports.def
│ ├── [7.2K] pe-poc-dll.vcxproj
│ ├── [ 955] pe-poc-dll.vcxproj.filters
│ └── [3.5K] poc.cpp
├── [2.1K] pe-poc.sln
└── [ 931] README.md
2 directories, 9 files