Microsoft Windows Uninitialized Variable Local Privilege Elevation
Disclosed | Created |
---|---|
12/10/2019 | 10/16/2020 |
Description
This module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability
within win32k caused by an uninitialized variable. It allows user-mode attackers
to write a limited amount of controlled data to an attacker-controlled address
in kernel memory. By using this vulnerability to perform controlled writes
to kernel memory, an attacker can gain arbitrary code execution
as the SYSTEM user.
This module has been tested against Windows 7 x64 SP1. Offsets within the
exploit code may need to be adjusted to work with other versions of Windows.
The exploit can only be triggered once against the target and can cause the
target machine to reboot when the session is terminated.
Authors
piotrflorczyk, unamer, timwr
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
    msf > use exploit/windows/local/cve_2019_1458_wizardopium
    msf /(m) > show actions
        ...actions...
    msf /(m) > set ACTION <action-name>
    msf /(m) > show options
        ...show and set options...
    msf /(m) > run
