LPE vulnerabilities exploitation on Windows 10 Anniversary Update
Conclusion
• We can use the method of arbitrary read/write via USER objects when we can write a specific address.
• We can use tagCLS.lpszMenuName spray for other vulnerabilities.
• We can also use prediction of GDI object addresses to make exploitation more stable.
• We can use GDI structures (tagDCE), USER objects, and USER structures allocated on the GDI pool for exploitation. The choice of object will depend on the vulnerability.