Microsoft Windows Uninitialized Variable Local Privilege Escalation

Posted by deepcore on October 16, 2020 – 3:35 pm

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code execution as the SYSTEM user. This module has been tested against Windows 7 x64 SP1. Offsets within the exploit code may need to be adjusted to work with other versions of Windows. The exploit can only be triggered once against the target and can cause the target machine to reboot when the session is terminated.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [webapps] aaPanel 6.6.6 – Privilege Escalation & Remote Code Execution (Authenticated) Simple Grocery Store Sales And Inventory System 1.0 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Microsoft Windows Uninitialized Variable Local Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL