CVE-2018-8639
描述
这个漏洞属于未正确处理窗口类成员对象导致的Double-free类型本地权限提升漏洞
影响版本
| Product | Version | Update | Edition | Tested |
|---|---|---|---|---|
| Windows 10 | - | |||
| Windows 10 | 1607 | |||
| Windows 10 | 1703 | |||
| Windows 10 | 1709 | |||
| Windows 10 | 1803 | |||
| Windows 10 | 1809 | |||
| Windows 7 | - | SP1 | ||
| Windows 8.1 | - | pro N | ||
| Windows Rt 8.1 | - | |||
| Windows Server 2008 | - | SP2 | ||
| Windows Server 2008 | R2 | itanium | ||
| Windows Server 2008 | R2 | x64 | ||
| Windows Server 2012 | - | |||
| Windows Server 2012 | R2 | |||
| Windows Server 2016 | - | |||
| Windows Server 2016 | 1709 | |||
| Windows Server 2016 | 1803 | |||
| Windows Server 2019 | - |
修复补丁
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639利用方式
编译环境
- VS2019(V140)X64 Release
在Windows 2008 X64上测试通过的EXP,直接上GIF图
编译环境
VS2019(V120)X64 Debug,需要安装如下包作为支撑
https://www.microsoft.com/zh-cn/download/confirmation.aspx?id=40770
Windows 7 X64测试通过的EXP,上GIF图
https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2018-8639