Video oldindan ko‘rish uchun mavjud emas
Telegram'da ko‘rish
CVE-2024-26238: WINDOWS 10 PLUGSCHEDULER ELEVATION OF PRIVILEGE
This vulnerability is an arbitrary file write. It can be used to execute code as SYSTEM by writing a DLL file in C:\Windows\System32\SprintCSP.dll and triggering the SvcRebootToFlashingMode method of the StorSvc service (as detailed in LPE via StorSvc). Note that this is only an example as to how the file write vulnerability can be leveraged to achieve elevation of privilege, and there are many other ways to do so.
This vulnerability is an arbitrary file write. It can be used to execute code as SYSTEM by writing a DLL file in C:\Windows\System32\SprintCSP.dll and triggering the SvcRebootToFlashingMode method of the StorSvc service (as detailed in LPE via StorSvc). Note that this is only an example as to how the file write vulnerability can be leveraged to achieve elevation of privilege, and there are many other ways to do so.