Immunity Canvas: MS16_111

2016-09-14T10:59:00
ID MS16_111
Type canvas
Reporter Immunity Canvas
Modified 2016-09-14T10:59:00

Description

Name| ms16_111
---|---
CVE| CVE-2016-3371
Exploit Pack| CANVAS
Description| MS16-111 Registry Hive Hijack
Notes| CVE Name: CVE-2016-3371
VENDOR: Microsoft
Notes:
Tested against:
Windows 10 x64 EN (both Chinese and English usernames) - SUCCESSFUL EOP

Windows XP x86 - EXECUTABLE DOES NOT RUN
Windows 7 x86 - NOT VULNERABLE
Windows Server 2008 R2 x86_64 - NOT VULNERABLE

Windows 8.1 x86 - SUCCESSFUL EOP
Windows 8.1 x64 - SUCCESSFUL EOP

Credit to James Forshaw of Google Project Zero for exposing the vulnerability and inspiring us with an exploitation technique.

Repeatability: Infinite
References: https://technet.microsoft.com/en-us/library/security/ms16-111.aspx, https://bugs.chromium.org/p/project-zero/issues/detail?id=865
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3371