CVE-2020-11493 PoC — Foxit Reader和PhantomPDF 数据伪造问题漏洞

Source

https://github.com/fengjixuchui/CVE-2020-11493

Associated Vulnerability

Title:Foxit Reader和PhantomPDF 数据伪造问题漏洞 (CVE-2020-11493)
Description:In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

Readme

# CVE-2020-11492

Proof-of-Concept (PoC) for Docker Desktop for Windows privilege escalation vulnerability. This vulnerability was
patched in Docker version 2.3.0.2 on May 11th, 2020.

This PoC performs the following:

- creates a named pipe mimicking docker named pipe `\\.\\pipe\\dockerLifecycleServer`,
- call `ImpersonateNamedPipeClient` after connection from docker service,
- retrieve and duplicate the impersonated access token from the current thread,
- launch a new process with the token. The new process will run as `SYSTEM`.

## Note

The right to impersonate the named pipe client is not held by standard users. To exploit, one must run this PoC as an account with the right, for example `nt authority\network service`.

# References
- https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/

File Snapshot


 [4.0K]  /data/pocs/5ac8fcbf813f4b78cbb0a44b626697b9211b1ddf
├── [4.0K]  CVE-2020-11492
│   ├── [3.7K]  CVE-2020-11492.cpp
│   ├── [7.2K]  CVE-2020-11492.vcxproj
│   └── [1.0K]  CVE-2020-11492.vcxproj.filters
├── [5.8M]  cve-2020-11492.gif
├── [1.4K]  CVE-2020-11492.sln
└── [ 846]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!