Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0683 PoC — Microsoft Windows Installer 安全漏洞

Source
https://github.com/padovah4ck/CVE-2020-0683
Associated Vulnerability
Title:Microsoft Windows Installer 安全漏洞 (CVE-2020-0683)
Description:An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
Description
CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege
Readme
# CVE-2020-0683
Original Poc sent to MSRC. 
Assigned to CVE-2020-0683 - Windows Installer Elevation of Privilege

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0683 

Source code for Visual Studio C++ 2017 

Please read the PDF that describes all the findings and steps to reproduce.

Inside "bin_MsiExploit" you'll find the exploit (exe) to execute.

DEMO
![Screenshot](msi_eop.gif?raw=true)  

---

![Beer](https://icons.iconarchive.com/icons/flat-icons.com/flat/48/Beer-icon.png)  [Buy me a beer if you like ;-)](https://www.buymeacoffee.com/padovah4ck)
File Snapshot

 [4.0K]  /data/pocs/d6f7bbd69abc68132233485a99eaa262487f16cf
├── [4.0K]  bin_MsiExploit
│   ├── [184K]  foo.msi
│   └── [168K]  MsiExploit.exe
├── [2.2M]  msi_eop.gif
├── [719K]  MSI_EoP_New.pdf
├── [ 587]  README.md
├── [ 234]  readme_run_exploit.txt
└── [4.0K]  src_MsiExploit
    ├── [4.0K]  MsiExploit
    │   ├── [4.2K]  CommonUtils.cpp
    │   ├── [1.2K]  CommonUtils.h
    │   ├── [4.9K]  FileOpLock.cpp
    │   ├── [ 805]  FileOpLock.h
    │   ├── [184K]  foo.msi
    │   ├── [8.7K]  MsiExploit.cpp
    │   ├── [2.0K]  MsiExploit.filters
    │   ├── [ 463]  MsiExploit.user
    │   ├── [8.8K]  MsiExploit.vcxproj
    │   ├── [ 463]  MsiExploit.vcxproj.user
    │   ├── [2.8K]  ntimports.h
    │   ├── [ 165]  readfile.user
    │   ├── [ 13K]  ReparsePoint.cpp
    │   ├── [1.2K]  ReparsePoint.h
    │   ├── [ 814]  runExploit.bat
    │   ├── [1.8K]  ScopedHandle.cpp
    │   ├── [ 498]  ScopedHandle.h
    │   ├── [ 304]  stdafx.cpp
    │   ├── [ 365]  stdafx.h
    │   ├── [ 314]  targetver.h
    │   └── [1.3K]  typed_buffer.h
    ├── [1.4K]  MsiExploit.sln
    └── [4.0K]  x64
        ├── [4.0K]  Debug
        │   ├── [184K]  foo.msi
        │   └── [218K]  MsiExploit.exe
        └── [4.0K]  Release
            └── [184K]  foo.msi

6 directories, 31 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →