Skip to content

Latest commit

 

History

History
6 lines (5 loc) · 662 Bytes

README.md

File metadata and controls

6 lines (5 loc) · 662 Bytes

This write-up for this exploit can be found on our website

Vulnerabilities enabling an unprivileged profile to make a service, run in SYSTEM security context or delete an arbitrary directory/file are not a rare occurrence. They are mostly ignored by security researchers doing vulnerability hunting- as there is no established path to escalation of privilege using such a primitive. By chance I have found such a path- using an unlikely quirk in the Windows Error Reporting Service. The technical details are neither brilliant nor novel- but a writeup has been requested by several Twitter users.