CVE-2023-36003

MEDIUM

XAML Diagnostics - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36003. PoCs published by m417z.

AI-analyzed exploit summary This is a functional privilege escalation PoC for CVE-2023-36003, exploiting the XAML diagnostics API to inject a DLL into an elevated or inaccessible process. The exploit uses a COM-based TAP (Tracing and Profiling) component to execute arbitrary code (e.g., launching cmd.exe) in the context of the targeted process.

Description

XAML Diagnostics Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 93 stars

by m417z · poc

https://github.com/m417z/CVE-2023-36003-POC

View Code ZIP pw:eip

This is a functional privilege escalation PoC for CVE-2023-36003, exploiting the XAML diagnostics API to inject a DLL into an elevated or inaccessible process. The exploit uses a COM-based TAP (Tracing and Profiling) component to execute arbitrary code (e.g., launching cmd.exe) in the context of the targeted process.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows UI.Xaml.dll (affected versions prior to December 2023 Patch Tuesday)

No auth needed

Prerequisites: Local access to a vulnerable Windows system · Presence of an elevated or inaccessible process (e.g., UIAccess)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36003

Scores

CVSS v3 6.7

EPSS 0.0282

EPSS Percentile 84.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-426

Status published

Products (11)

microsoft/windows_10_1507 < 10.0.10240.20345

microsoft/windows_10_1607 < 10.0.14393.6529

microsoft/windows_10_1809 < 10.0.17763.5206

microsoft/windows_10_21h2 < 10.0.19041.3803

microsoft/windows_10_22h2 < 10.0.19045.3803

microsoft/windows_11_21h2 < 10.0.22000.2652

microsoft/windows_11_22h2 < 10.0.22621.2861

microsoft/windows_11_23h2 < 10.0.22631.2861

microsoft/windows_server_2016

microsoft/windows_server_2019

... and 1 more

Published Dec 12, 2023

Tracked Since Feb 18, 2026