CVE-2020-17136
HIGHWindows Cloud Files Mini Filter Driver - Privilege Escalation
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2020-17136. PoCs published by cssxn, xyddnljydd.
AI-analyzed exploit summary This PoC exploits CVE-2020-17136, a local privilege escalation vulnerability in Windows Cloud Experience Host Service (CfApi). It abuses symbolic link and placeholder creation to overwrite arbitrary files, leading to EoP.
Description
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Exploits (2)
This PoC exploits CVE-2020-17136, a local privilege escalation vulnerability in Windows Cloud Experience Host Service (CfApi). It abuses symbolic link and placeholder creation to overwrite arbitrary files, leading to EoP.
This PoC exploits CVE-2020-17136, a vulnerability in Windows Cloud Files Mini Filter Driver, by creating a mount point and using Cloud Filter API to write arbitrary data to a privileged location (e.g., C:\Windows\System32). The exploit leverages the CfExecute callback to bypass access controls.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H