WebDAV Elevation of Privilege Vulnerability (MS16)-2

vendor:

Windows 7

by:

hex0r

7,8

CVSS

HIGH

Elevation of Privilege

269

CWE

Product Name: Windows 7

Affected Version From: Windows 7 84x

Affected Version To: Windows 7 84x

Patch Exists: YES

Related CWE: CVE-2016-0051

CPE: o:microsoft:windows_7::sp1:84x

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2016

WebDAV Elevation of Privilege Vulnerability (MS16)-2

Credits go to koczkatama for coding a PoC, however if you run this exploit from shell connection, not a remote desktop, the result will be getting the privileged shell in new GUI windows. PoC: Download the source code (C#) also there will be compiled version as well, copy the dll file and the executable to the target machine, run it to get SYSTEM.

Mitigation:

Apply the latest security patches and updates to the system.

Source

Exploit-DB raw data:

# Exploit Title: WebDAV Elevation of Privilege Vulnerability (MS16)-2
# Date: 8/5/2016
# Exploit Author: hex0r
# Version:WebDAV on Windows 7 84x
# CVE : CVE-2016-0051


Intro:
Credits go to koczkatama for coding a PoC, however if you run this exploit
from shell connection, not a remote desktop, the result will be getting the
privileged shell in new GUI windows.

Again Thanks to
https://github.com/koczkatamas/CVE-2016-0051
https://www.exploit-db.com/exploits/39432/

PoC:
Download the source code (C#) also there will be compiled version as well,
copy the dll file and the executable to the target machine, run it to get
SYSTEM,


Proof of Concept:
https://github.com/hexx0r/CVE-2016-0051
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39788.zip