Skip to content

Latest commit

 

History

History

CVE-2019-1253

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 

CVE-2019-1253

AppXSvc Arbitrary File Security Descriptor Overwrite EoP

I have independently reported this vulnerability to MSRC, however, my submission turned out to be a duplicate due to the fact that the fix for CVE-2019-1253 also addressed this issue. My PoC differs from the ones created by Chris Danieli or Nabeel Ahmed because this exploit gives 'Full Control' over the target file. My research was inspired by CVE-2019-0841 originally reported by Nabeel Ahmed.

Video PoC