Vulnerability description
A two-click remote code execution attack: a path traversal flaw involving the Microsoft Support Diagnostics Tool (MSDT) that can be exploited to stash a malicious executable file in the Windows Startup folder when a potential target opens a specially crafted ".diagcab" archive file that contains a diagnostics configuration file.
The vulnerability affects Windows 7 and Server 2008 up to the latest releases.
PoC
GitHub - irsl/microsoft-diagcab-rce-poc: Proof of concept about a path traversal vulnerability in Microsoft's Diagcab technology that could lead to remote code execution (github.com)
Full advisory
The trouble with Microsoft’s Troubleshooters
An unpatched vulnerability in Microsoft’s Troubleshooting technology (medium.com)
Video PoC and thread on Twitter