Microsoft Windows - 'POP/MOV SS' Privilege Escalation
| EKU-ID: 48636 | CVE: CVE-2018-8897 | OSVDB-ID: |
| Author: Can Bölük | Published: 2018-05-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 48636 | CVE: CVE-2018-8897 | OSVDB-ID: |
| Author: Can Bölük | Published: 2018-05-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44697.zip