Preface
This project is a collection of Windows privilege escalation exploits. Apart from the EXPs that failed testing, every entry comes with detailed instructions and a demonstration GIF. If the project contains your code and you are not credited as its source, please submit an Issue.
Note
This project prioritizes tracking kernel-related privilege escalation vulnerabilities. A remote command execution vulnerability disclosed in the current month is only added once an EXP or POC is publicly available on the Internet. If anything is missing, please open an Issue and include the exploit code.
Chinese documentation | English documentation
CVE list
Security Bulletin | Description | Operating System |
---|---|---|
CVE-2021-1732 | Windows Win32k | Windows 10/2019/Server |
CVE-2021-1709 | Windows Win32k | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability | Windows 7/8.1/10/2008/2012/2016/2019/Server |
CVE-2020-16938 | Windows Kernel Information Disclosure Vulnerability | Windows Server |
CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability | Windows 10/2019/Server |
CVE-2020-1472 | Netlogon Elevation of Privilege | Windows 2008/2012/2016/2019/Server |
CVE-2020-0796 | SMBv3 Remote Code Execution | Windows Server |
CVE-2020-0787 | Windows Background Intelligent Transfer Service | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2019-1458 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016 |
CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege | Windows 7/8/2008/2012/2016/2019 |
CVE-2019-0859 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2019-0803 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8639 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8453 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/2016/2019 |
CVE-2018-8440 | Windows ALPC Elevation of Privilege | Windows 7/8/10/2008/2012/2016 |
CVE-2018-8120 | Win32k Elevation of Privilege | Windows 7/2008 |
CVE-2018-1038 | Windows Kernel Elevation of Privilege | Windows 7/2008 |
CVE-2018-0743 | Windows Subsystem for Linux Elevation of Privilege | Windows 10/2016 |
CVE-2018-0833 | SMBv3 Null Pointer Dereference Denial of Service | Windows 8/2012 |
CVE-2017-8464 | LNK Remote Code Execution | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0213 | Windows COM Elevation of Privilege | Windows 7/8/10/2008/2012/2016 |
CVE-2017-0143 | Windows Kernel Mode Drivers | Windows 7/8/10/2008/2012/2016/Vista |
CVE-2017-0101 | GDI Palette Objects Local Privilege Escalation | Windows 7/8/10/2008/2012/Vista |
CVE-2016-7255 | Windows Kernel Mode Drivers | Windows 7/8/10/2008/2012/2016/Vista |
CVE-2016-3371 | Windows Kernel Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-3309 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-3225 | Windows SMB Server Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0099 | Secondary Logon Handle | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0095 | Win32k Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0051 | WebDAV Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2016-0041 | Win32k Memory Corruption Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2015-2546 | Win32k Memory Corruption Elevation of Privilege | Windows 7/8/10/2008/2012/Vista |
CVE-2015-2387 | ATMFD.DLL Memory Corruption | Windows 7/8/2003/2008/2012/Vista/RT |
CVE-2015-2370 | Windows RPC Elevation of Privilege | Windows 7/8/10/2003/2008/2012/Vista |
CVE-2015-1725 | Win32k Elevation of Privilege | Windows 7/8/10/2003/2008/2012/Vista |
CVE-2015-1701 | Windows Kernel Mode Drivers | Windows 7/2003/2008/Vista |
CVE-2015-0062 | Windows Create Process Elevation of Privilege | Windows 7/8/2008/2012 |
CVE-2015-0057 | Win32k Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2015-0003 | Win32k Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2015-0002 | Microsoft Application Compatibility Infrastructure Elevation of Privilege | Windows 7/8/2003/2008/2012 |
CVE-2014-6324 | Kerberos Checksum Vulnerability | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-6321 | Microsoft Schannel Remote Code Execution | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-4113 | Win32k.sys Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2014-4076 | TCP/IP Elevation of Privilege | Windows 2003 |
CVE-2014-1767 | Ancillary Function Driver Elevation of Privilege | Windows 7/8/2003/2008/2012/Vista |
CVE-2013-5065 | NDProxy.sys | Windows XP/2003 |
CVE-2013-1345 | Kernel Driver | Windows 7/8/2003/2008/2012/Vista/RT/XP |
CVE-2013-1332 | DirectX Graphics Kernel Subsystem Double Fetch | Windows 7/8/2003/2008/2012/Vista/RT |
CVE-2013-0008 | Win32k Improper Message Handling | Windows 7/8/2008/2012/Vista/RT |
CVE-2012-0217 | Service Bus | Windows 7/2003/2008/XP |
CVE-2012-0002 | Remote Desktop Protocol | Windows 7/2003/2008/Vista/XP |
CVE-2011-2005 | Ancillary Function Driver Elevation of Privilege | Windows 2003/XP |
CVE-2011-1974 | NDISTAPI Elevation of Privilege | Windows 2003/XP |
CVE-2011-1249 | Ancillary Function Driver Elevation of Privilege | Windows 7/2003/2008/Vista/XP |
CVE-2011-0045 | Windows Kernel Integer Truncation | Windows XP |
CVE-2010-4398 | Driver Improper Interaction with Windows Kernel | Windows 7/2003/2008/Vista/XP |
CVE-2010-3338 | Task Scheduler | Windows 7/2008/Vista |
CVE-2010-2554 | Tracing Registry Key ACL | Windows 7/2008/Vista |
CVE-2010-1897 | Win32k Window Creation | Windows 7/2003/2008/Vista/XP |
CVE-2010-0270 | SMB Client Transaction | Windows 7/2008 |
CVE-2010-0233 | Windows Kernel Double Free | Windows 2000/2003/2008/Vista/XP |
CVE-2010-0020 | SMB Pathname Overflow | Windows 7/2000/2003/2008/Vista/XP |
CVE-2009-2532 | SMBv2 Command Value | Windows 2008/Vista |
CVE-2009-0079 | Windows RPCSS Service Isolation | Windows 2003/XP |
CVE-2008-4250 | Server Service | Windows 2000/2003/Vista/XP |
CVE-2008-4037 | SMB Credential Reflection | Windows 2000/2003/2008/Vista/XP |
CVE-2008-3464 | AFD Kernel Overwrite | Windows 2003/XP |
CVE-2008-1084 | Win32k.sys | Windows 2000/2003/2008/Vista/XP |
CVE-2006-3439 | Remote Code Execution | Windows 2000/2003/XP |
CVE-2005-1983 | PnP Service | Windows 2000/XP |
CVE-2003-0352 | Buffer Overrun In RPC Interface | Windows 2000/2003/XP/NT |
Test target systems
```text
#Windows 7 SP1 X64
ed2k://|file|cn_windows_7_home_premium_with_sp1_x64_dvd_u_676691.iso|3420557312|1A3CF44F3F5E0BE9BBC1A938706A3471|/
#Windows 7 SP1 X86
ed2k://|file|cn_windows_7_home_premium_with_sp1_x86_dvd_u_676770.iso|2653276160|A8E8BD4421174DF34BD14D60750B3CDB|/
#Windows Server 2008 R2 SP1 X64
ed2k://|file|cn_windows_server_2008_r2_standard_enterprise_datacenter_and_web_with_sp1_x64_dvd_617598.iso|3368839168|D282F613A80C2F45FF23B79212A3CF67|/
#Windows Server 2003 R2 SP2 x86
ed2k://|file|cn_win_srv_2003_r2_enterprise_with_sp2_vl_cd1_X13-46432.iso|637917184|284DC0E76945125035B9208B9199E465|/
#Windows Server 2003 R2 SP2 x64
ed2k://|file|cn_win_srv_2003_r2_enterprise_x64_with_sp2_vl_cd1_X13-47314.iso|647686144|107F10D2A7FF12FFF0602FF60602BB37|/
#Windows Server 2008 SP2 x86
ed2k://|file|cn_windows_server_standard_enterprise_and_datacenter_with_sp2_x86_dvd_x15-41045.iso|2190057472|E93B029C442F19024AA9EF8FB02AC90B|/
#Windows Server 2000 SP4 x86
ed2k://|file|ZRMPSEL_CN.iso|402690048|00D1BDA0F057EDB8DA0B29CF5E188788|/
#Windows Server 2003 SP2 x86
thunder://QUFodHRwOi8vcy5zYWZlNS5jb20vV2luZG93c1NlcnZlcjIwMDNTUDJFbnRlcnByaXNlRWRpdGlvbi5pc29aWg==
#Windows 8.1 x86
ed2k://|file|cn_windows_8_1_enterprise_x86_dvd_2972257.iso|3050842112|6B60ABF8282F943FE92327463920FB67|/
#Windows 8.1 x64
ed2k://|file|cn_windows_8_1_x64_dvd_2707237.iso|4076017664|839CBE17F3CE8411E8206B92658A91FA|/
#Windows 10 1709 x64
ed2k://|file|cn_windows_10_multi-edition_vl_version_1709_updated_dec_2017_x64_dvd_100406208.iso|5007116288|317BDC520FA2DD6005CBA8293EA06DF6|/
#Windows 10 2004 x64 (2020-05-21 release version)
magnet:?xt=urn:btih:8E49569FDE852E4F3CCB3D13EFB296B6B02D82A6
#Windows 10 1909 x64
ed2k://|file|cn_windows_10_business_editions_version_1909_x64_dvd_0ca83907.iso|5275090944|9BCD5FA6C8009E4D0260E4B23008BD47|/
```
Linux compilation environment
```bash
sudo vim /etc/apt/sources.list
# Append the following line to the end of sources.list:
# deb http://us.archive.ubuntu.com/ubuntu trusty main universe
sudo apt-get update
sudo apt-get install mingw32 mingw32-binutils mingw32-runtime
sudo apt-get install gcc-mingw-w64-i686 g++-mingw-w64-i686 mingw-w64-tools
```
Windows compilation environment
VS2019 (with the V142, V141, V120, V110, V100, V141_xp, V120_xp and V110_xp toolsets and MFC installed)
Because the project is large, some typos or missing CVE numbers are inevitable. If you find an error, please submit an Issue to help maintain the project.
CVEs that failed testing
The following CVEs failed the reproduction test after screening. The reason for each failure is given below; PRs are welcome.
Security Bulletin | Remarks |
---|---|
CVE-2021-1709 | January 2021 patch, routine update |
CVE-2020-17087 | November 2020 patch; only a proof of concept, no exploit code |
CVE-2015-0002 | Source code failed testing |
CVE-2015-0062 | Source code and EXP both failed testing |
CVE-2015-1725 | Source code available, but the compilation method is unknown |
CVE-2016-3309 | Source code and EXP both failed testing |
CVE-2014-6321 | Only a winshock_test.sh file is available |
CVE-2019-0859 | Requires Windows 7 SP1 x64 with the March 2019 patch installed |
CVE-2018-8440 | Unknown |
CVE-2018-1038 | Source code available, but the compilation method is unknown |
CVE-2013-5065 | No NDProxy test environment |
CVE-2013-0008 | Unknown |
CVE-2009-0079 | Exploitation failed |
CVE-2011-0045 | No working EXP found |
CVE-2010-2554 | No working EXP found |
CVE-2005-1983 | Source code and EXP both failed testing |
CVE-2012-0002 | Blue-screen-only vulnerability; no practical value |
CVE-2010-0020 | No working EXP found |
CVE-2014-6324 | Unknown |
CVE-2018-0743 | No working EXP found |
This project is intended only for legally authorized enterprise security work. When using this project for testing, you must ensure that your actions comply with local laws and regulations and that you have obtained sufficient authorization.
If you engage in any illegal behavior while using this project, you bear the corresponding consequences yourself, and we accept no legal or joint liability.
Before using this project, please read and fully understand every clause. Restrictions, exemption clauses and other clauses affecting your major rights and interests may be bolded, underlined or otherwise highlighted to draw your attention. Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not use this project. Your use of the project, or your acceptance of this agreement in any other express or implied manner, shall be deemed to mean that you have read and agreed to be bound by this agreement.