Microsoft Windows – ‘POP/MOV SS’ Privilege Escalation

  • Author: Can Bölük
    Date: 2018-05-22
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44697/
  • Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privileges.
    
    - KVA Shadowing should be disabled and the relevant security update should be uninstalled.
    - This may not work with certain hypervisors (like VMware), which discard the pending #DB after INT3.
    
    Proof of Concept:
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44697.zip