CVE Name: CVE-2010-2554
This exploit gain SYSTEM from NETWORK_SERVICE or DefaultAppPool user by duplicating
a handle obtained from a tracing feature for services by writing on a key registry
with low access protection.
This is a port of Cesar Cerrudo's Chimichurri Token kidnapping for fitting in MOSDEF.
Should work on Windows 2008 and 7 without patch ms10_059 aka KB982799.
Date Public: 08/10/2010
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2554
|Learn more about the CANVAS Exploit Pack here: CANVAS|