dEEpEst Posted March 15, 2018 Share Posted March 15, 2018 [h=1]Slui File Handler Hijack LPE[/h] [TABLE] [TR] Exploit Information [/TR] [TR] [TD=align: left]Publish Date[/TD] [TD=align: left]15.01.2018[/TD] [/TR] [TR] [TD=align: left]Patched[/TD] [TD=align: left]-[/TD] [/TR] [TR] [TD=align: left]Target[/TD] [TD=align: left]Microsoft Windows[/TD] [/TR] [TR] [TD=align: left]exploit-db[/TD] [TD=align: left]N/A[/TD] [/TR] [TR] [TD=align: left]CVE[/TD] [TD=align: left]N/A[/TD] [/TR] [TR] [TD=align: left]Versions[/TD] [TD=align: left]Windows 8-10, x86 and x64[/TD] [/TR] [/TABLE] [h=2]Description[/h] slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. Read access to HKCU\Software\Classes\exefile\shell\open is performed upon execution. Due to the registry key being accessible from user mode, an arbitrary executable file can be injected. This exploit is generally independent from programming language and bitness, as no DLL injection or privileged file copy is needed. In addition, if default system binaries suffice, file drops can be avoided altogether. [h=2]Expected Result[/h] When everything worked correctly, a cmd.exe should be spawned with high IL. [h=2]Downloads[/h] Compiled binaries: [HIDE-THANKS] This is the hidden content, please Sign In or Sign Up [/HIDE-THANKS] [h=2]Project Page[/h] [HIDE-THANKS] This is the hidden content, please Sign In or Sign Up [/HIDE-THANKS] Link to comment Share on other sites More sharing options...
Recommended Posts