Merge pull request #96 from xboxoneresearch/feat/update/collateral_da…

…mage_exploit_page update: Collateral Damage exploit page
xboxoneresearch · Jul 17, 2024 · 7f0325c · 7f0325c
2 parents 0a2ced5 + 05df1fc
commit 7f0325c
Showing 1 changed file with 15 additions and 9 deletions.
diff --git a/docs/exploits/game-script-code-exec.md b/docs/exploits/game-script-code-exec.md
@@ -1,22 +1,28 @@
-# Code Execution via Game Script UWP App
+# Collateral Damage - Code Execution via Game Script UWP App
 
 ## Metadata
 |                              |                                       |
 | ---------------------------- | ------------------------------------- |
-| Release date                 | 08.06.2024                            |
+| Release date                 | 15.07.2024                            |
 | Author                       | carrot_c4k3                           |
 | Classification               | Code execution                        |
-| Patched                      | No                                    |
-| Patch date                   | N/A                                   |
-| First patched system version | N/A                                   |
-| Source                       | [Github](https://gist.github.com/carrot-c4k3/10fdb4f3d11ca568f5452bbaefdc20dd) |
-| Download                     | N/A                                   |
+| Patched                      | Yes                                   |
+| Patch date                   | 2024-07-15                            |
+| First patched system version | 10.0.25398.4910 (July 2024)           |
+| Source                       | [Github](https://github.com/exploits-forsale/collateral-damage) |
+| Download                     | [Github](https://github.com/exploits-forsale/collateral-damage/releases) |
 
 ## Info
 The ["Game Script" application](https://apps.microsoft.com/detail/9pb1gw72nv4w) available on the Microsoft store allows writing and executing scripts in a custom language. This language exposes arbitrary memory read/write functionality, which can be used to achieve arbitrary native code execution.
 
+Exploit framework utilized: [Solstice](https://github.com/exploits-forsale/solstice)
+
+PoC: [Github](https://gist.github.com/carrot-c4k3/10fdb4f3d11ca568f5452bbaefdc20dd)
+
+PoC with Kernel-Exploit test: [GitHub](https://gist.github.com/carrot-c4k3/6ef33d57733b08281b26db0a50b1a447)
+
 ## Prerequisites
-- [Game Script](https://apps.microsoft.com/detail/9pb1gw72nv4w)
+- [Game Script](https://apps.microsoft.com/detail/9pb1gw72nv4w) (Product Id: 9pb1gw72nv4w)
 
 ## Instructions
-Launch Game Script and input the Proof-of-Concept found on [Github](https://gist.github.com/carrot-c4k3/10fdb4f3d11ca568f5452bbaefdc20dd).
+Follow the instructions on the Repository.