WebDAV local mention the right Vulnerability, CVE-2 0 1 6-0 0 5 1. THE POC & EXP-vulnerability warning-the black bar safety net

2016-02-17T00:00:00
ID MYHACK58:62201671824
Type myhack58
Reporter 佚名
Modified 2016-02-17T00:00:00

Description

Vulnerability information

The vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV), if Microsoft Web Distributed Authoring and Versioning (WebDAV) client to validate the input properly, then which will present elevation of privilege vulnerability. Successful exploitation of this vulnerability an attacker can use the elevated privileges to execute arbitrary code.

To exploit this vulnerability, an attacker must first log into the system. Then, the attacker can run a to exploit this vulnerability via a specially designed app to control the affected system.

Workstations and servers the most vulnerable to this attack threat. This security update addresses the vulnerabilities by correcting the WebDAV authentication input the way to fix this vulnerability.

Vulnerability scope

Windows Vista SP2 x86 & x64 (elevation of Privilege)

Windows Server 2 0 0 8 SP2 x86 & x64 (elevation of Privilege)

Windows Server 2 0 0 8 R2 SP1 x64(elevation of Privilege)

Windows 7 SP1 x86 & x64 (elevation of Privilege)

Windows 8.1 x86 & x64(denial of service)

Windows Server 2 0 1 2(denial of service)

Windows Server 2 0 1 2 R2(denial of service)

Windows RT 8.1(denial of service)

Windows 1 0(denial of service)

POC & EXP

Vulnerability the author released a blue screen of POC as well as for the 3 2-bit win7 system. the right to EXP

Address:

<https://github.com/koczkatamas/CVE-2016-0051>

Windows 7 SP1 x86 local provide the right demo:

! /Article/UploadPic/2016-2/201621718202573.gif

Windows 1 0 x64 blue screen demonstration:

! /Article/UploadPic/2016-2/201621718204258.gif

Repair recommendations

Through the windows Update program to automatically download and install updates. Or go toMicrosoft Security Centerto obtain the stand-alone update package.