## https://sploitus.com/exploit?id=94F56A76-5FFA-517A-AD3C-93153FCA4D3E
## CVE-2022-26809
This repo is simply research on the CVE; for a more detailed analysis, please refer [here](http://showlinkroom.me/2022/04/30/Windows-CVE-2022-26809/).

Here is reproduction code for the Windows RPC vulnerability `CVE-2022-26809`; it refers to [https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/netds/rpc/hello](https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/netds/rpc/hello).

If you have a better solution to trigger this vuln, feel free to submit an issue or PR :)

### PoC
_My Python version is 3.6.7_

`poc.py` just **tries** to trigger the vulnerable function `OSF_SCALL::GetCoalescedBuffer`; it **won't cause any crash because the dword integer overflow is too hard to reproduce**. `rpcrt.py` is the Python package module `impacket.dcerpc.v5.rpcrt`; just replace the original with it to trigger the vuln (remember to back up the original one :) I believe the `rpcrt.py` has a huge number of bugs).

If it does not work, maybe **Wireshark** can help to locate the bug.

### PipeDemo
If necessary, just use `nmake` to rebuild it.