The PoC program exploits the IMFForceDelete driver, which exposes an ioctl that allows unprivileged users to delete files and folders. We can turn this into a privilege escalation by using a technique explained by ZDI and Halov that exploits the MSI rollback mechanism, which is designed to maintain system integrity in case of issues. By deleting the rollback folder and recreating it with a weak DACL and fake RBF and RBS files, we can gain the ability to make arbitrary changes to the system as NT AUTHORITY\SYSTEM.
forked from ZeroMemoryEx/IObit-EoP
Sec-Fork/IObit-EoP
About
(0day) Local Privilege Escalation in IObit Malware Fighter
Languages
- C 61.2%
- C++ 38.8%