Local Elevated privileges, Pulse Secure Windows Client 9.1.6 < 5.3 R70, CVE-2020-13162

[tabac]

Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit

Compile as 32-bit binary if you don't want to die!
Compiled with Visual Studio 2015 - Community Edition
After compiling copy the generated binary into the same folder with "evil.msi" and the Pulse Secure signed binary "PulseSecureInstallerService.exe". Then run it from command line.
For more information about the bug read -> https://www.redtimmy.com/privilege-escalation/pulse-secure-windows-client/ and https://www.redtimmy.com/privilege-...6-toctou-privilege-escalation-cve-2020-13162/

exploit:

GitHub - redtimmy/tu-TOCTOU-kaiu-TOCMEU-CVE-2020-13162-: Exploit for CVE-2020-13162

Exploit for CVE-2020-13162. Contribute to redtimmy/tu-TOCTOU-kaiu-TOCMEU-CVE-2020-13162- development by creating an account on GitHub.

github.com