'Discover new zero day vulnerability in Windows' and hackers publish on Twitter


Mr. Sandbox Escaper , a credible security researcher who discovered twice a day vulnerability in 2018, has discovered a new zero day vulnerability related to Windows file reading permission and reports it on Twitter.

Twitter: @evil_polar_bear: Readfile 0day
https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html



A newly disclosed Windows zero day vulnerability is a problem in which a low privilege user or a malicious program can "read arbitrary file contents on a target Windows computer" It gains privilege of.

This zero day vulnerability exists in Windows MsiAdvertiseProduct, which allows you to generate ad scripts and to write registry and shortcut information to the installer. According to Sandbox Escaper, when calling this MsiAdvertiseProduct, it seems that the installer may create a copy of arbitrary file as system privilege and cause zero day vulnerability to enable reading of arbitrary files.

"This is still bad news as many document editing software like Office saves the file in a static location that includes the path and filename of the recently opened document," Sandbox Escaper says. You can see the actual reproduction of the zero day vulnerability in the following movie.

Readfile 0day - YouTube


According to Sandbox Escaper, this zero day vulnerability can also be confirmed by "creating two local accounts and reading one desktop.ini with the other account". In addition to this movie demonstration, Mr. Sandbox Escaper posted a link to GitHub on the concept proof code of this vulnerability, but the account of GitHub has been deleted since then. The patch for this vulnerability has not yet been distributed at the time of writing the article.

in Security, Posted by log1i_yk