0.001 Low
EPSS
Percentile
31.3%
Microsoft Windows - POPMOV SS Privilege Escalation
Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.
- KVA Shadowing should be disabled and the relevant security update should be uninstalled.
- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.
Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44697.zip
0.001 Low
EPSS
Percentile
31.3%