CVE-2023-28252 PoC — Windows Common Log File System Driver Elevation of Privilege Vulnerability

Source

https://github.com/Vulmatch/CVE-2023-28252

Associated Vulnerability

Title:Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2023-28252)
Description:Windows Common Log File System Driver Elevation of Privilege Vulnerability

Description

The TL;DR for the learnings of Windows Vulnerability CVE-2023-28252

Readme

# CVE-2023-28252
The TL;DR for the learnings of Windows Vulnerability CVE-2023-28252


So this weekend I was practising the Aero machine on Hack The Box. The box is so much fun playing it when you can mimic a real-world attack to a Windows 11 machine. After completing it, I was very curious and wanting to know how the privilage-escalation exploit works. So I mainly read the article written by the exploit author [1]. The description is very detailed, well-explained. But going through the whole process takes a lot of time. To better demonstrate the exploit workflow, I want to visualize the process here. A big solute to the exploit authors Ricardo narvaja and  Esteban kazimirow, as well as the authors from Qianxin[2].

![](1.png)
![](2.png)
![](3.png)

[1] https://github.com/fortra/CVE-2023-28252

[2] https://ti.qianxin.com/blog/articles/CVE-2023-28252-Analysis-of-In-the-Wild-Exploit-Sample-of-CLFS-Privilege-Escalation-Vulnerability/

File Snapshot


 [4.0K]  /data/pocs/9d53ac0b75ef7ce8cc20f78c93c761e4edb2b6d6
├── [ 23K]  1.png
├── [ 42K]  2.png
├── [ 67K]  3.png
└── [ 945]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!