├── .gitignore
├── CVE-2019-12750.sln
├── CVE-2019-12750
│   ├── CVE-2019-12750.cpp
│   ├── CVE-2019-12750.vcxproj
│   ├── CVE-2019-12750.vcxproj.filters
│   ├── stdafx.cpp
│   ├── stdafx.h
│   └── targetver.h
├── README.md
└── master
    ├── master.cpp
    ├── master.vcxproj
    ├── master.vcxproj.filters
    ├── stdafx.cpp
    ├── stdafx.h
    └── targetver.h
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Aa][Rr][Mm]/
27 | [Aa][Rr][Mm]64/
28 | bld/
29 | [Bb]in/
30 | [Oo]bj/
31 | [Ll]og/
32 | [Ll]ogs/
33 |
34 | # Visual Studio 2015/2017 cache/options directory
35 | .vs/
36 | # Uncomment if you have tasks that create the project's static files in wwwroot
37 | #wwwroot/
38 |
39 | # Visual Studio 2017 auto generated files
40 | Generated\ Files/
41 |
42 | # MSTest test Results
43 | [Tt]est[Rr]esult*/
44 | [Bb]uild[Ll]og.*
45 |
46 | # NUnit
47 | *.VisualState.xml
48 | TestResult.xml
49 | nunit-*.xml
50 |
51 | # Build Results of an ATL Project
52 | [Dd]ebugPS/
53 | [Rr]eleasePS/
54 | dlldata.c
55 |
56 | # Benchmark Results
57 | BenchmarkDotNet.Artifacts/
58 |
59 | # .NET Core
60 | project.lock.json
61 | project.fragment.lock.json
62 | artifacts/
63 |
64 | # StyleCop
65 | StyleCopReport.xml
66 |
67 | # Files built by Visual Studio
68 | *_i.c
69 | *_p.c
70 | *_h.h
71 | *.ilk
72 | *.meta
73 | *.obj
74 | *.iobj
75 | *.pch
76 | *.pdb
77 | *.ipdb
78 | *.pgc
79 | *.pgd
80 | *.rsp
81 | *.sbr
82 | *.tlb
83 | *.tli
84 | *.tlh
85 | *.tmp
86 | *.tmp_proj
87 | *_wpftmp.csproj
88 | *.log
89 | *.vspscc
90 | *.vssscc
91 | .builds
92 | *.pidb
93 | *.svclog
94 | *.scc
95 |
96 | # Chutzpah Test files
97 | _Chutzpah*
98 |
99 | # Visual C++ cache files
100 | ipch/
101 | *.aps
102 | *.ncb
103 | *.opendb
104 | *.opensdf
105 | *.sdf
106 | *.cachefile
107 | *.VC.db
108 | *.VC.VC.opendb
109 |
110 | # Visual Studio profiler
111 | *.psess
112 | *.vsp
113 | *.vspx
114 | *.sap
115 |
116 | # Visual Studio Trace Files
117 | *.e2e
118 |
119 | # TFS 2012 Local Workspace
120 | $tf/
121 |
122 | # Guidance Automation Toolkit
123 | *.gpState
124 |
125 | # ReSharper is a .NET coding add-in
126 | _ReSharper*/
127 | *.[Rr]e[Ss]harper
128 | *.DotSettings.user
129 |
130 | # TeamCity is a build add-in
131 | _TeamCity*
132 |
133 | # DotCover is a Code Coverage Tool
134 | *.dotCover
135 |
136 | # AxoCover is a Code Coverage Tool
137 | .axoCover/*
138 | !.axoCover/settings.json
139 |
140 | # Coverlet is a free, cross platform Code Coverage Tool
141 | coverage*[.json, .xml, .info]
142 |
143 | # Visual Studio code coverage results
144 | *.coverage
145 | *.coveragexml
146 |
147 | # NCrunch
148 | _NCrunch_*
149 | .*crunch*.local.xml
150 | nCrunchTemp_*
151 |
152 | # MightyMoose
153 | *.mm.*
154 | AutoTest.Net/
155 |
156 | # Web workbench (sass)
157 | .sass-cache/
158 |
159 | # Installshield output folder
160 | [Ee]xpress/
161 |
162 | # DocProject is a documentation generator add-in
163 | DocProject/buildhelp/
164 | DocProject/Help/*.HxT
165 | DocProject/Help/*.HxC
166 | DocProject/Help/*.hhc
167 | DocProject/Help/*.hhk
168 | DocProject/Help/*.hhp
169 | DocProject/Help/Html2
170 | DocProject/Help/html
171 |
172 | # Click-Once directory
173 | publish/
174 |
175 | # Publish Web Output
176 | *.[Pp]ublish.xml
177 | *.azurePubxml
178 | # Note: Comment out the next line if you want to check in your web deploy settings,
179 | # but be aware that database connection strings (with potential passwords) will be stored unencrypted
180 | *.pubxml
181 | *.publishproj
182 |
183 | # Microsoft Azure Web App publish settings. Comment out the next line if you want to
184 | # check in your Azure Web App publish settings, but be aware that sensitive information
185 | # contained in these scripts will be stored unencrypted
186 | PublishScripts/
187 |
188 | # NuGet Packages
189 | *.nupkg
190 | # NuGet Symbol Packages
191 | *.snupkg
192 | # The packages folder can be ignored because of Package Restore
193 | **/[Pp]ackages/*
194 | # except build/, which is used as an MSBuild target.
195 | !**/[Pp]ackages/build/
196 | # Uncomment if necessary however generally it will be regenerated when needed
197 | #!**/[Pp]ackages/repositories.config
198 | # NuGet v3's project.json files produces more ignorable files
199 | *.nuget.props
200 | *.nuget.targets
201 |
202 | # Microsoft Azure Build Output
203 | csx/
204 | *.build.csdef
205 |
206 | # Microsoft Azure Emulator
207 | ecf/
208 | rcf/
209 |
210 | # Windows Store app package directories and files
211 | AppPackages/
212 | BundleArtifacts/
213 | Package.StoreAssociation.xml
214 | _pkginfo.txt
215 | *.appx
216 | *.appxbundle
217 | *.appxupload
218 |
219 | # Visual Studio cache files
220 | # files ending in .cache can be ignored
221 | *.[Cc]ache
222 | # but keep track of directories ending in .cache
223 | !?*.[Cc]ache/
224 |
225 | # Others
226 | ClientBin/
227 | ~$*
228 | *~
229 | *.dbmdl
230 | *.dbproj.schemaview
231 | *.jfm
232 | *.pfx
233 | *.publishsettings
234 | orleans.codegen.cs
235 |
236 | # Including strong name files can present a security risk
237 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
238 | #*.snk
239 |
240 | # Since there are multiple workflows, uncomment next line to ignore bower_components
241 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
242 | #bower_components/
243 |
244 | # RIA/Silverlight projects
245 | Generated_Code/
246 |
247 | # Backup & report files from converting an old project file
248 | # to a newer Visual Studio version. Backup files are not needed,
249 | # because we have git ;-)
250 | _UpgradeReport_Files/
251 | Backup*/
252 | UpgradeLog*.XML
253 | UpgradeLog*.htm
254 | ServiceFabricBackup/
255 | *.rptproj.bak
256 |
257 | # SQL Server files
258 | *.mdf
259 | *.ldf
260 | *.ndf
261 |
262 | # Business Intelligence projects
263 | *.rdl.data
264 | *.bim.layout
265 | *.bim_*.settings
266 | *.rptproj.rsuser
267 | *- [Bb]ackup.rdl
268 | *- [Bb]ackup ([0-9]).rdl
269 | *- [Bb]ackup ([0-9][0-9]).rdl
270 |
271 | # Microsoft Fakes
272 | FakesAssemblies/
273 |
274 | # GhostDoc plugin setting file
275 | *.GhostDoc.xml
276 |
277 | # Node.js Tools for Visual Studio
278 | .ntvs_analysis.dat
279 | node_modules/
280 |
281 | # Visual Studio 6 build log
282 | *.plg
283 |
284 | # Visual Studio 6 workspace options file
285 | *.opt
286 |
287 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
288 | *.vbw
289 |
290 | # Visual Studio LightSwitch build output
291 | **/*.HTMLClient/GeneratedArtifacts
292 | **/*.DesktopClient/GeneratedArtifacts
293 | **/*.DesktopClient/ModelManifest.xml
294 | **/*.Server/GeneratedArtifacts
295 | **/*.Server/ModelManifest.xml
296 | _Pvt_Extensions
297 |
298 | # Paket dependency manager
299 | .paket/paket.exe
300 | paket-files/
301 |
302 | # FAKE - F# Make
303 | .fake/
304 |
305 | # CodeRush personal settings
306 | .cr/personal
307 |
308 | # Python Tools for Visual Studio (PTVS)
309 | __pycache__/
310 | *.pyc
311 |
312 | # Cake - Uncomment if you are using it
313 | # tools/**
314 | # !tools/packages.config
315 |
316 | # Tabs Studio
317 | *.tss
318 |
319 | # Telerik's JustMock configuration file
320 | *.jmconfig
321 |
322 | # BizTalk build output
323 | *.btp.cs
324 | *.btm.cs
325 | *.odx.cs
326 | *.xsd.cs
327 |
328 | # OpenCover UI analysis results
329 | OpenCover/
330 |
331 | # Azure Stream Analytics local run output
332 | ASALocalRun/
333 |
334 | # MSBuild Binary and Structured Log
335 | *.binlog
336 |
337 | # NVidia Nsight GPU debugger configuration file
338 | *.nvuser
339 |
340 | # MFractors (Xamarin productivity tool) working folder
341 | .mfractor/
342 |
343 | # Local History for Visual Studio
344 | .localhistory/
345 |
346 | # BeatPulse healthcheck temp database
347 | healthchecksdb
348 |
349 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
350 | MigrationBackup/
351 |
352 | # Ionide (cross platform F# VS Code tools) working folder
353 | .ionide/
354 |
--------------------------------------------------------------------------------
/CVE-2019-12750.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.27703.2026
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CVE-2019-12750", "CVE-2019-12750\CVE-2019-12750.vcxproj", "{E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "master", "master\master.vcxproj", "{0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|x64 = Release|x64
15 | Release|x86 = Release|x86
16 | EndGlobalSection
17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Debug|x64.ActiveCfg = Debug|x64
19 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Debug|x64.Build.0 = Debug|x64
20 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Debug|x86.ActiveCfg = Debug|Win32
21 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Debug|x86.Build.0 = Debug|Win32
22 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Release|x64.ActiveCfg = Release|x64
23 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Release|x64.Build.0 = Release|x64
24 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Release|x86.ActiveCfg = Release|Win32
25 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}.Release|x86.Build.0 = Release|Win32
26 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Debug|x64.ActiveCfg = Debug|x64
27 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Debug|x64.Build.0 = Debug|x64
28 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Debug|x86.ActiveCfg = Debug|Win32
29 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Debug|x86.Build.0 = Debug|Win32
30 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Release|x64.ActiveCfg = Release|x64
31 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Release|x64.Build.0 = Release|x64
32 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Release|x86.ActiveCfg = Release|Win32
33 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}.Release|x86.Build.0 = Release|Win32
34 | EndGlobalSection
35 | GlobalSection(SolutionProperties) = preSolution
36 | HideSolutionNode = FALSE
37 | EndGlobalSection
38 | GlobalSection(ExtensibilityGlobals) = postSolution
39 | SolutionGuid = {387C5DC7-DA3A-473B-AC6F-280F49AE838E}
40 | EndGlobalSection
41 | EndGlobal
42 |
--------------------------------------------------------------------------------
/CVE-2019-12750/CVE-2019-12750.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/CVE-2019-12750/CVE-2019-12750.cpp
--------------------------------------------------------------------------------
/CVE-2019-12750/CVE-2019-12750.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {E6A2C8F0-0BE8-40D6-82E8-9D93AE8754E1}
24 | Win32Proj
25 | CVE201912750
26 | 10.0.17134.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v141
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v141
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v141
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v141
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Use
88 | Level3
89 | Disabled
90 | true
91 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 |
98 |
99 |
100 |
101 | Use
102 | Level3
103 | Disabled
104 | true
105 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | Use
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Console
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | Use
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
140 | true
141 | MultiThreaded
142 |
143 |
144 | Console
145 | true
146 | true
147 | true
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 | Create
158 | Create
159 | Create
160 | Create
161 |
162 |
163 |
164 |
165 |
166 |
--------------------------------------------------------------------------------
/CVE-2019-12750/CVE-2019-12750.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 | Source Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/CVE-2019-12750/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/CVE-2019-12750/stdafx.cpp
--------------------------------------------------------------------------------
/CVE-2019-12750/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/CVE-2019-12750/stdafx.h
--------------------------------------------------------------------------------
/CVE-2019-12750/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/CVE-2019-12750/targetver.h
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Symantec Local Privilege Escalation - CVE-2019-12750
2 | ====================================================
3 |
4 | Based on the excellent writeup by [Kyriakos Economou](https://twitter.com/kyrecon):
5 |
6 | https://labs.nettitude.com/blog/cve-2019-12750-symantec-endpoint-protection-local-privilege-escalation-part-1/
7 |
8 | Only x64 systems running older Windows versions are supported for now.
9 |
--------------------------------------------------------------------------------
/master/master.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/master/master.cpp
--------------------------------------------------------------------------------
/master/master.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {0C59A12E-2CB8-4F93-BDB6-E4AF9853F1C4}
24 | Win32Proj
25 | master
26 | 10.0.17134.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v141
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v141
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v141
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v141
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | false
75 |
76 |
77 | true
78 |
79 |
80 | true
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Use
88 | Level3
89 | MaxSpeed
90 | true
91 | true
92 | true
93 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
94 | true
95 | MultiThreaded
96 |
97 |
98 | Console
99 | true
100 | true
101 | true
102 |
103 |
104 |
105 |
106 | Use
107 | Level3
108 | Disabled
109 | true
110 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
111 | true
112 |
113 |
114 | Console
115 | true
116 |
117 |
118 |
119 |
120 | Use
121 | Level3
122 | Disabled
123 | true
124 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
125 | true
126 |
127 |
128 | Console
129 | true
130 |
131 |
132 |
133 |
134 | Use
135 | Level3
136 | MaxSpeed
137 | true
138 | true
139 | true
140 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
141 | true
142 |
143 |
144 | Console
145 | true
146 | true
147 | true
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 | Create
158 | Create
159 | Create
160 | Create
161 |
162 |
163 |
164 |
165 |
166 |
--------------------------------------------------------------------------------
/master/master.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 | Source Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/master/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/master/stdafx.cpp
--------------------------------------------------------------------------------
/master/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/master/stdafx.h
--------------------------------------------------------------------------------
/master/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/v-p-b/cve-2019-12750/764782ac031962173a50249b85ba7d97b2d673b4/master/targetver.h
--------------------------------------------------------------------------------