Skip to content

Privilege escalation using the XAML diagnostics API (CVE-2023-36003)

Notifications You must be signed in to change notification settings

m417z/CVE-2023-36003-POC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Privilege escalation using the XAML diagnostics API (CVE-2023-36003)

This is a POC (Proof of Concept) of a privilege escalation vulnerability using the XAML diagnostics API. The vulnerability was patched in December's Patch Tuesday, and the CVE assigned to it is CVE-2023-36003.

Usage

The POC is a C++ project that can be compiled using Visual Studio. After compiling, the POC can be run without arguments to look for an inaccessible process and then run the exploit against it. Alternatively, a process id can be passed as an argument, and the exploit will be run against that process.

Vulnerability details

More details about the vulnerability can be found in the following blog post:

Privilege escalation using the XAML diagnostics API (CVE-2023-36003)

About

Privilege escalation using the XAML diagnostics API (CVE-2023-36003)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages