Skip to content

Latest commit

 

History

History

CVE-2015-2370

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

MS15-076

  • We can Copies a file to any privileged location on disk

  • The POC was from @monoxgas

Vulnerability reference:

notes

  • Exploit can only be one once every 2-3 minutes. This is because RPC can be held up by LocalSystem
  • The destination file can't already exist
  • Tested on x64/x86 Windows 7/8.1
  • Microsoft.VisualStudio.OLE.Inerop.dll must be in the same directory

Usage

c:> trebuchet.exe C:\Users\Bob\Evil.txt C:\Windows\System32\Evil.dll

Links