Yesterday, SandboxEscaper uploaded a 0-day code for the Windows 10 arbitrary file deletion on github, which is the fifth 0-day released by sandboxescaper since August 2018. Today, SandboxEscaper released two new 0-day flaws on Github.
- Windows Error Reporting VulnerabilityThis vulnerability is located in the Windows Error Reporting Service and may be exploited via a carefully placed DACL (discretionary access control list) operation. Because of the similar vulnerability, SandboxEscaper discovered here last December was named AngryPolarBearBug, the new vulnerability was named AngryPolarBearBug2.
Although this vulnerability can achieve local privilege, this vulnerability is much more complicated than the previous vulnerability. She said on the blog that the trigger may take 15 minutes, so the damage will not be particularly large.
- IE 11 vulnerability
She announced the exploitation and video demonstration of this vulnerability. After successful exploitation, this vulnerability can be used to inject malicious code into IE. However, this vulnerability cannot be exploited remotely, so the harm will not be particularly large.
A demo video for the IE11 vulnerability is below: pic.twitter.com/wphfMYPkyq
— Catalin Cimpanu (@campuscodi) May 22, 2019