Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-8464 PoC — 多款Microsoft产品访问控制错误漏洞

Source
https://github.com/X-Vector/usbhijacking
Associated Vulnerability
Title:多款Microsoft产品访问控制错误漏洞 (CVE-2017-8464)
Description:Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
Description
Usbhijacking | CVE-2017-8464
Readme
# CVE-2017-8464 PoC

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability . 

CVSS Score  
- 9.3

Confidentiality Impact 
- Complete (There is total information disclosure, resulting in all system files being revealed.)

Integrity Impact
- Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)

Availability Impact 
- Complete (There is a total shutdown of the affected resource. The attacker 
can render the resource completely unavailable.)

Access Complexity 
- Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)

Authentication 
- Not required (Authentication is not required to exploit the vulnerability.)

Gained Access
- None

Vulnerability Type(s)
- Execute Code

# Contact Me 
[Facebook](https://www.facebook.com/X.Vector1) - [Linkedin](https://www.linkedin.com/in/mohamed-abdelfatah-509b01149/)
File Snapshot

 [4.0K]  /data/pocs/ce3b1e021d16a197821e9f388580f533d75637a6
├── [1.4K]  README.md
└── [6.0K]  usbhijacking.rb

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →