## https://sploitus.com/exploit?id=7C346E13-0E24-5B84-B5FD-FA128FF5D798
This repository hosts materials related to CVE-2024-30052. More details about the vulnerability can be found in my [blog post](https://ynwarcs.github.io/exploiting-vs-dump-files).

# structure
- **builder** folder contains source files for a program that crafts a dump file that exploits the vulnerability.
- **poc** folder contains three proof-of-concept files (.chm, .hta and .py) that spawn calc.exe once opened.
- **manifest** folder contains a manifest for VS version 17.8.10, to make it easier to download that specific version locally when testing.

# running a poc
- Open CVE-2024-30052-builder.sln in Visual Studio 2022 and compile it.
- Run `CVE-2024-30052-builder.exe /path/to/repo/poc/poc.chm` (or one of poc.hta, poc.py). This will create a dump file in the same directory.
- Open the dump file in VS 2022 and click "Debug with Managed" or "Debug With Mixed".
- You should see a message box pop up telling you that the file will be opened in an external editor. Press OK or X.
- calc.exe should now be spawned.

Note: 
- You need to have VS 2022 Community installed for the builder executable to work out of the box. Alternatively, you can replace the path to csc.exe in the CompileSource function.
- Only VS 2022 versions older than 17.8.11 are vulnerable. You can install version 17.8.10 by executing:
	+ `"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" install --channelId VisualStudio.17.Release --productId Microsoft.VisualStudio.Product.Community --channelURI "https://raw.githubusercontent.com/ynwarcs/CVE-2024-30052/refs/heads/main/manifest/ChannelManifest_17.8.10.json?token=GHSAT0AAAAAACWHD36ESW2XDN5U2AOC22OYZYAHHJA"`
- For the .py poc to work, Python must be installed on the system. The other two pocs should work fine without it.
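Since only VS 2022 builds older than 17.8.11 are affected, the first thing a defender wants is an inventory check. The script below is an added example (not part of this repository) that parses the JSON emitted by `vswhere.exe -all -prerelease -products * -format json` and flags VS 2022 instances whose displayed version is below 17.8.11; the sample JSON embedded in it is constructed, and the vswhere path is the installer's default location.

```python
"""Flag VS 2022 installs older than 17.8.11 (the README's fix threshold)."""
import json
import re
import subprocess

FIXED_VERSION = (17, 8, 11)
# Default location of vswhere.exe shipped with the VS installer.
VSWHERE = r"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe"

# Constructed sample of vswhere's JSON output (only the fields used here).
SAMPLE_VSWHERE_JSON = json.dumps([
    {"instanceId": "aaaa1111", "installationVersion": "17.8.34525.116",
     "catalog": {"productDisplayVersion": "17.8.10", "productLineVersion": "2022"}},
    {"instanceId": "bbbb2222", "installationVersion": "17.10.35004.147",
     "catalog": {"productDisplayVersion": "17.10.0", "productLineVersion": "2022"}},
    {"instanceId": "cccc3333", "installationVersion": "17.9.34414.90",
     "catalog": {"productDisplayVersion": "17.9.0 Preview 1.0", "productLineVersion": "2022"}},
])


def parse_display_version(text):
    """Turn '17.8.10' or '17.9.0 Preview 1.0' into a comparable int tuple.

    Numeric comparison matters: as a string, '17.10.0' sorts before
    '17.8.11', so a naive string check would wrongly flag a patched install.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(x) for x in m.groups())


def vulnerable_instances(vswhere_json):
    """Return instance ids of VS 2022 installs below FIXED_VERSION."""
    flagged = []
    for inst in json.loads(vswhere_json):
        catalog = inst.get("catalog", {})
        if catalog.get("productLineVersion") != "2022":
            continue  # the README scopes the issue to VS 2022
        if parse_display_version(catalog["productDisplayVersion"]) < FIXED_VERSION:
            flagged.append(inst["instanceId"])
    return flagged


def audit_local_machine():
    """Run vswhere on this Windows host and return vulnerable instance ids."""
    out = subprocess.run([VSWHERE, "-all", "-prerelease", "-products", "*",
                          "-format", "json"], capture_output=True, text=True,
                         check=True).stdout
    return vulnerable_instances(out)


if __name__ == "__main__":
    print("sample:", vulnerable_instances(SAMPLE_VSWHERE_JSON))  # ['aaaa1111']
```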

# demo
[cve-2024-30052.webm](https://github.com/user-attachments/assets/c4a19a26-ad89-4f17-8073-892d0d355fdd)