## https://sploitus.com/exploit?id=7F79E373-5BF4-5443-9DD3-8BBDFE29854C
CVE-2023-28293 - Vulnerable Driver Exploit (Local Privilege Escalation)
This PoC exploits a vulnerability in a kernel-mode driver to achieve local privilege escalation via a crafted IOCTL call.
About the vulnerability:
CVE-2023-28293 is a vulnerability in a signed driver that allows user-mode applications to send specially crafted IOCTL requests to perform arbitrary kernel memory operations. This can be abused to escalate privileges or execute code in kernel context.
Requirements
- Windows (x64) system
- Administrator privileges (required to load kernel drivers)
- Test-signing enabled or patched signature checks (if the driver is unsigned)
- Vulnerable driver binary (.sys)
Structure
- core.h - Common definitions (driver path, device name, IOCTL code, buffer size, logging macros)
- main.c - Loads the driver, sends crafted IOCTL, unloads the driver
Usage
- Compile the project using Visual Studio or MinGW. With the Visual Studio command-line compiler:

      cl main.c /link advapi32.lib
- Run as administrator. If successful, the crafted IOCTL will interact with the vulnerable driver. The output is printed to the console.
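
The requirements above (an administrator loading a vulnerable .sys binary, possibly unsigned under test-signing) leave a driver-load trace that can be triaged. The following is an added example, not part of this PoC: it assumes Sysmon driver-load records (Event ID 6) already parsed into dictionaries, and the sample events, paths and blocklist hash are constructed placeholders.

```python
import re

# Constructed sample records using Sysmon Event ID 6 (driver loaded) field names.
SAMPLE_EVENTS = [
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys",
     "Signed": "true", "SignatureStatus": "Valid", "Hashes": "SHA256=" + "A" * 64},
    {"EventID": 6, "ImageLoaded": r"C:\Users\lab\Desktop\poc\example.sys",
     "Signed": "true", "SignatureStatus": "Valid", "Hashes": "SHA256=" + "B" * 64},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\Temp\test.sys",
     "Signed": "false", "SignatureStatus": "Unavailable", "Hashes": "SHA256=" + "C" * 64},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]

# Placeholder blocklist; in practice filled from a maintained vulnerable-driver list.
BLOCKLISTED_SHA256 = {"B" * 64}

# Directories where kernel drivers are normally installed.
EXPECTED_DIRS = re.compile(r"^c:\\windows\\system32\\(drivers|driverstore)\\", re.I)

def sha256_of(hashes_field):
    """Extract the SHA256 value from Sysmon's 'ALG=hex,ALG=hex' Hashes field."""
    for part in hashes_field.split(","):
        alg, _, value = part.partition("=")
        if alg.strip().upper() == "SHA256":
            return value.strip().upper()
    return None

def triage(event):
    """Return the reasons a driver-load event deserves review (empty if none)."""
    if event.get("EventID") != 6:
        return []
    reasons = []
    if not EXPECTED_DIRS.match(event.get("ImageLoaded", "")):
        reasons.append("loaded from outside the system driver directories")
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or signature not valid")
    if sha256_of(event.get("Hashes", "")) in BLOCKLISTED_SHA256:
        reasons.append("hash on vulnerable-driver blocklist")
    return reasons

def findings(events):
    """Map each flagged driver path to its list of reasons."""
    return {e["ImageLoaded"]: r for e in events if (r := triage(e))}

if __name__ == "__main__":
    for path, reasons in findings(SAMPLE_EVENTS).items():
        print(path, "->", "; ".join(reasons))
```

A validly signed driver is still flagged when its hash is blocklisted, which is the case that matters for signed-but-vulnerable drivers like the one described here.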