Lucene search

K
canvasImmunity CanvasMS10_059
HistoryAug 11, 2010 - 6:47 p.m.

Immunity Canvas: MS10_059

2010-08-1118:47:00
Immunity Canvas
exploitlist.immunityinc.com
46

EPSS

0.001

Percentile

19.1%

Name ms10_059
CVE CVE-2010-2554 Exploit Pack
CVE Name: CVE-2010-2554
VENDOR: Microsoft
Notes:
This exploit gain SYSTEM from NETWORK_SERVICE or DefaultAppPool user by duplicating
a handle obtained from a tracing feature for services by writing on a key registry
with low access protection.

This is a port of Cesar Cerrudo’s Chimichurri Token kidnapping for fitting in MOSDEF.

Should work on Windows 2008 and 7 without patch ms10_059 aka KB982799.

MSADV: MS10-059
Date Public: 08/10/2010
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2554
CVSS: 6.8