Exploit for Out-of-bounds Read in Microsoft exploit


## https://sploitus.com/exploit?id=130F70AB-3F72-5009-88E2-6A283C7EF70C

# POC CVE-2022-21877

This repository contains a POC for CVE-2022-21877, found by Quang Linh, working at STAR Labs. This is an information leak found inside the spaceport.sys driver.

An accompanying blogpost can be found at this address.

## Using it

To build the POC, simply run ``.\build``.

To run it, you need a pool on your machine that can get a Tier. In my tests, this means having at least two storage pools: the primordial one and another one. This is because the primordial pool cannot have a Tier attached.

To get the necessary configuration, you can set up 5 virtual disks on a virtual machine. The first three will be used automatically as the primordial pool by Microsoft. You can then create the second pool with the following command, as an administrator:

```PS1
New-StoragePool -FriendlyName Pool2 -StorageSubsystemFriendlyName "Windows Storage*" -PhysicalDisks (Get-PhysicalDisk -CanPool $True)
```

Once all set, launch the POC as an administrator by providing it the "FriendlyName" of the usable pool (for example the one you just created).

## Results of this POC

Due to all the limitations to trigger the vulnerability (the storage pools configuration and being admin), I did not bother to actually get anything meaningful from it.