## https://sploitus.com/exploit?id=979CA658-8E0B-51A5-A147-17E36E3E11D6
# Description
* The PoC program exploits the IMFForceDelete driver which exposes an ioctl that allows unprivileged users to delete files and folders. We can turn this into a privilege escalation by using a technique explained by ZDI and Halov, which exploits the MSI rollback mechanism which is designed to maintain system integrity in case of issues. By deleting and recreating it with a weak DACL and fake RBF and RBS files we can gain the ability to make arbitrary changes to the system as NT AUTHORITY\SYSTEM.
# VID
https://github.com/user-attachments/assets/58e343d2-97a4-4ca3-9deb-df911b717a57
# Write-up
* https://www.hackandhide.com/from-dos-to-privilege-escalation/
# CREDITS
* [Halov](https://x.com/KLINIX5)
* [ZDI](https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks-archive)
* [vx-underground and #ifndef hjonk](https://x.com/vxunderground/status/1876670819411407188)