Name | unmarshal_to_system |
---|---|
CVE | CVE-2018-0824 Exploit Pack |
VENDOR: Microsoft | |
Notes: | |
Tested against: | |
--------------- | |
Windows 7 x86 - NOT VULNERABLE | |
Windows Server 2016 - NOT VULNERABLE |
Windows 8.1 - SUCCESSFUL EOP
Windows 10 1607 - SUCCESSFUL EOP
Windows 10 10240 - SUCCESSFUL EOP
Credits
---------------
+ Mattias Kaiser for inspiring our exploit
+ James Foreshaw of Google Project Zero for exposing the method of
forcing a COM service to demarshal an object written to an IStorage
object
IMPORTANT CEU NOTE
---------------
As of 6/29/2018 you must set the target host to the IP address of the
node on which you wish to escalate.
Repeatability: Infinite
References: [âhttps://codewhitesec.blogspot.com/2018/06/cve-2018-0624.htmlâ, âhttp://m.bianma.org/jishu/1473.htmlâ, âhttps://bbs.pediy.com/thread-228829.htmâ, âhttps://bbs.ichunqiu.com/thread-42157-1-1.htmlâ]
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0824