automatic module_metadata_base.json update

2020-02-06 15:30:19 -06:00 · 2020-02-06 15:30:19 -06:00 · 374396e7fe
parent 7f3c0c9314
commit 374396e7fe
1 changed files with 51 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -129935,6 +129935,57 @@
    },
    "needs_cleanup": null
  },
+  "exploit_windows/local/ricoh_driver_privesc": {
+    "name": "Ricoh Driver Privilege Escalation",
+    "fullname": "exploit/windows/local/ricoh_driver_privesc",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": "2020-01-22",
+    "type": "exploit",
+    "author": [
+      "Alexander Pudwill",
+      "Pentagrid AG",
+      "Shelby Pace"
+    ],
+    "description": "Various Ricoh printer drivers allow escalation of\n        privileges on Windows systems.\n\n        For vulnerable drivers, a low-privileged user can\n        read/write files within the `RICOH_DRV` directory\n        and its subdirectories.\n\n        `PrintIsolationHost.exe`, a Windows process running\n        as NT AUTHORITY\\SYSTEM, loads driver-specific DLLs\n        during the installation of a printer. A user can\n        elevate to SYSTEM by writing a malicious DLL to\n        the vulnerable driver directory and adding a new\n        printer with a vulnerable driver.\n\n        This module leverages the `prnmngr.vbs` script\n        to add and delete printers. Multiple runs of this\n        module may be required given successful exploitation\n        is time-sensitive.",
+    "references": [
+      "CVE-2019-19363",
+      "URL-https://www.pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/"
+    ],
+    "platform": "Windows",
+    "arch": "x86, x64",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Windows"
+    ],
+    "mod_time": "2020-02-06 14:11:42 +0000",
+    "path": "/modules/exploits/windows/local/ricoh_driver_privesc.rb",
+    "is_install_path": true,
+    "ref_name": "windows/local/ricoh_driver_privesc",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "SideEffects": [
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "unreliable-session"
+      ],
+      "Stability": [
+        "service-resource-loss"
+      ]
+    },
+    "needs_cleanup": true
+  },
  "exploit_windows/local/run_as": {
    "name": "Windows Run Command As User",
    "fullname": "exploit/windows/local/run_as",