CVE-2018-1000117 PoC — Python Software Foundation CPython on Windows 缓冲区错误漏洞

Source

https://github.com/u0pattern/CVE-2018-1000117-Exploit

Associated Vulnerability

Title:Python Software Foundation CPython on Windows 缓冲区错误漏洞 (CVE-2018-1000117)
Description:Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

Description

Buffer Overflow Vulnerability that can result ACE

Readme

## CVE-2018-1000117
-----------

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

-----------
## Vulnerable Versions

    Python 2.7
    Python 3.4
    Python 3.5
    Python 3.6

------------
## Credits
* Alexey Izbyshev (Reporter) - ![GitHub](https://assets-cdn.github.com/favicon.ico) [Alexey Izbyshev](https://github.com/izbyshev)
* 1337r00t (Exploiter) - ![Twitter](https://abs.twimg.com/favicons/favicon.ico) [1337r00t](https://twitter.com/_1337r00t)

File Snapshot


 [4.0K]  /data/pocs/941e76e5b2774d3ebca2e0a1f72961bd6919538f
├── [ 999]  p0c.py
└── [ 830]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!