After preparing my VM I was ready to check some details of the bug available online. I found very nice post (here) describing the case. After reading it you should also be ready to prepare your own proof-of-concept. The bug is described as CVE-2016-10134.
Below results from the poc:
This simple poc will be available on my github.
In case of any questions, feel free to ping me @twitter or drop me an email.
Cheers
P.S.
I would also like to mention that resource. It was very useful during the whole 'research'.
Thanks! ;]
Poczo says: nice!
OdpowiedzUsuń