Collateral Damage - Code Execution via Game Script UWP App
Metadata
| Release date | 15.07.2024 |
| Author | carrot_c4k3 & landaire |
| Classification | Code execution |
| Patched | Yes |
| Patch date | 2024-07-15 |
| First patched system version | 10.0.25398.4910 (July 2024) |
| Source | Github |
| Download | Github |
Info
The "Game Script" application available on the Microsoft store allows writing and executing scripts in a custom language. This language exposes arbitrary memory read/write functionality, which can be used to achieve arbitrary native code execution.
First stage payload / PE loader: Solstice
PoC: Github
PoC with Kernel Exploit test: GitHub
Prerequisites
- Game Script (Product Id: 9pb1gw72nv4w)
Instructions
Follow the instructions on the Repository.
Authors: