CVE-2022-24924
LOWSamsung LiveWallpaperService < 3.0.9.0 - Improper Access Control
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-24924. PoCs published by heegong.
AI-analyzed exploit summary This PoC exploits an improper access control vulnerability in Samsung LiveWallpaperService (CVE-2022-24924) by creating a directory junction to C:\Windows\System32 and abusing a named pipe to trigger directory creation with SYSTEM privileges.
Description
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.
Exploits (1)
This PoC exploits an improper access control vulnerability in Samsung LiveWallpaperService (CVE-2022-24924) by creating a directory junction to C:\Windows\System32 and abusing a named pipe to trigger directory creation with SYSTEM privileges.
References (1)
Scores
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N