This repository hosts materials related to CVE-2024-30052. More details about the vulnerability can be found in my blog post.
- builder folder contains source files for a program that crafts a dump file that exploits the vulnerability.
- poc folder contains three proof-of-concept files that will spawn calc.exe once opened - chm, hta and py.
- manifest folder contains a manifest for VS version 17.8.10, to make it easier to download that specific version locally when testing.
- Open CVE-2024-30052-builder.sln in Visual Studio 2022 and compile it.
- Run
CVE-2024-30052-builder.exe /path/to/repo/poc/poc.chm(or one of poc.hta, poc.py). This will create a dump file in the same directory. - Open the dump file in VS 2022 and click "Debug with Managed" or "Debug With Mixed".
- You should a message box pop up telling you that the file will be opened in an external editor. Press OK or X.
- calc.exe should now be spawned.
Note:
- You need to have VS 2022 community installed for the builder executable to work out of the box. Alternatively, you can replace the path to csc.exe in the CompileSource function.
- Only VS 2022 versions older than 17.8.11 are vulnerable. You can install version 17.8.10 by executing:
"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" install --channelId VisualStudio.17.Release --productId Microsoft.VisualStudio.Product.Community --channelURI "https://raw.githubusercontent.com/ynwarcs/CVE-2024-30052/refs/heads/main/manifest/ChannelManifest_17.8.10.json?token=GHSAT0AAAAAACWHD36ESW2XDN5U2AOC22OYZYAHHJA"
- For the .py poc to work, python must be installed on the system. The other two pocs should work fine.