I have independently reported this vulnerability to MSRC, however, my submission turned out to be a duplicate due to the fact that the fix for CVE-2019-1253 also addressed this issue. My PoC differs from the ones created by Chris Danieli or Nabeel Ahmed because this exploit gives 'Full Control' over the target file. My research was inspired by CVE-2019-0841 originally reported by Nabeel Ahmed.
-
Notifications
You must be signed in to change notification settings - Fork 5
sgabe/CVE-2019-1253
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
AppXSvc Arbitrary File Security Descriptor Overwrite EoP