Windows Error Reporting Manager arbitrary file move Elevation of Privilege
You will need the NtApiDotNet library to run it, as well as a valid
Report.wer file, both to be placed in the same directory as the
To generate a WER report file, you can run the
[Environment]::FailFast('Error') command in PowerShell, and look for the report file in
The script can be run with the following command:
powershell -exec bypass -C ". .\poc.ps1; Test-Exploit"
Tested on Windows 10 1903.