Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2023-36802 PoC — Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Source
https://github.com/x0rb3l/CVE-2023-36802-MSKSSRV-LPE
Associated Vulnerability
Title:Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability (CVE-2023-36802)
Description:Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Description
PoC for CVE-2023-36802 Microsoft Kernel Streaming Service Proxy
Readme
# CVE-2023-36802 MSKSSRV.sys Local Privilege Escalation
PoC for CVE-2023-36802 Microsoft Kernel Streaming Service Proxy which suffers from a type confusion vulnerability. 

This proof-of-concept is modeled after the write-up done by Benoît Sevens (@benoitsevens). The article can be found here: https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-36802.html

Original exploit and writeup done by Valentina Palmiotti (@chompie1337)
https://securityintelligence.com/x-force/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/

NOTE: This was only tested on Windows 11 22H2 22621.1848. PreviousMode attacks may be mitigated in insider builds.

![image](https://github.com/x0rb3l/CVE-2023-36802-MSKSSRV-LPE/assets/29740744/35b7a53e-f3f6-4f3f-bd9e-27e7d9f9be71)
File Snapshot

 [4.0K]  /data/pocs/76ff88162b9dcd494058e41522635924cbf41573
├── [ 810]  README.md
├── [ 17K]  Source.c
└── [3.7K]  Types.h

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →