module
Microsoft Windows Uninitialized Variable Local Privilege Elevation
Disclosed | Created |
---|---|
Dec 10, 2019 | Oct 16, 2020 |
Disclosed
Dec 10, 2019
Created
Oct 16, 2020
Description
This module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability
within win32k which occurs due to an uninitalized variable, which allows user mode attackers
to write a limited amount of controlled data to an attacker controlled address
in kernel memory. By utilizing this vulnerability to execute controlled writes
to kernel memory, an attacker can gain arbitrary code execution
as the SYSTEM user.
This module has been tested against Windows 7 x64 SP1. Offsets within the
exploit code may need to be adjusted to work with other versions of Windows.
The exploit can only be triggered once against the target and can cause the
target machine to reboot when the session is terminated.
within win32k which occurs due to an uninitalized variable, which allows user mode attackers
to write a limited amount of controlled data to an attacker controlled address
in kernel memory. By utilizing this vulnerability to execute controlled writes
to kernel memory, an attacker can gain arbitrary code execution
as the SYSTEM user.
This module has been tested against Windows 7 x64 SP1. Offsets within the
exploit code may need to be adjusted to work with other versions of Windows.
The exploit can only be triggered once against the target and can cause the
target machine to reboot when the session is terminated.
Authors
piotrflorczyk
unamer
timwr
unamer
timwr
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.