CVE-2015-1305

McAfee Data Loss Prevention Endpoint - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1305. PoCs published by Parvez Anwar.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in McAfee Data Loss Prevention Endpoint by leveraging an arbitrary write flaw in the hdlpctrl.sys driver. It includes shellcode to steal the SYSTEM token and elevate privileges on Windows XP SP3 and Windows Server 2003 SP2.

Description

McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

Exploits (1)

exploitdb WORKING POC

by Parvez Anwar · clocalwindows

https://www.exploit-db.com/exploits/35953

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in McAfee Data Loss Prevention Endpoint by leveraging an arbitrary write flaw in the hdlpctrl.sys driver. It includes shellcode to steal the SYSTEM token and elevate privileges on Windows XP SP3 and Windows Server 2003 SP2.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: McAfee Data Loss Prevention Endpoint 9.3.200.23

No auth needed

Prerequisites: Access to a vulnerable Windows XP SP3 or Windows Server 2003 SP2 system with McAfee DLP Endpoint 9.3.200.23 installed

MITRE ATT&CK