Code Monkey home page Code Monkey logo

cve-2023-27326's Introduction

Parallels Desktop VM Escape

This repository contains an exploit for a Parallels Desktop vulnerability which has been assigned CVE-2023-27326. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop.

The exploit was tested on Parallels Desktop version 18.0.0 (53049), and the vulnerability was patched in the 18.1.1 (53328) security update.

Vulnerability Details

The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system.

The full details of the vulnerability can be found in the accompanying blog post.

Credits

The vulnerability was discovered and exploited by Alexandre Adamski of Impalabs. The boiler plate code of the kernel module is taken from RET2 Systems's Pwn2Own 2021 exploit.

License

The contents of this repo are licensed and distributed under the MIT license.

cve-2023-27326's People

Contributors

neatmonster avatar

Stargazers

bbdd avatar LOURCODE avatar Lyfer_Lu avatar avatar lvyzh avatar wangkai0351 avatar 5l1v3r1 avatar avatar Orochi avatar 222 avatar 大神 avatar avatar Wade Welles avatar @tkmru avatar henhao avatar avatar Mustafa avatar nullfuzz avatar biubiu avatar Larson T. avatar Aleksei Kulaev avatar Vanilla avatar Tommaso Ventafridda avatar Chengfeng Ye avatar cop avatar avatar lalalal! avatar 大剑 avatar avatar avatar sion avatar Oliver avatar ⠀ avatar Abrar Fahim avatar Dmitry avatar luciouskami avatar W avatar via avatar avatar ama2in9 avatar Phạm Ngọc Vân avatar avatar sql7 avatar p4nda avatar avatar Mix avatar Life avatar 1nv0k3r avatar xia0o0o0o avatar avatar avatar SaberCC avatar avatar Ellie 
:3 avatar Madhu Akula avatar avatar avatar Chaitanya avatar avatar ZGQ Inc. avatar xhlove avatar changheluori007 avatar avatar avatar hash avatar LSA avatar giglf avatar @WishJam avatar avatar Alex Zenla avatar Wenchao Li avatar Meow Nova avatar avatar K avatar Chase avatar plusls avatar ThomasKing avatar thanat0s avatar BubbleGvm avatar 0r@nge avatar avatar avatar Reclu3e avatar tu95 avatar tmr avatar Crispr avatar Peterpan0927 avatar 0x403 avatar killdayu avatar avatar yanq avatar Braindance avatar avatar avatar avatar avatar mayter avatar avatar avatar avatar

Watchers

avatar avatar boy1337 avatar lyte avatar

Forkers

crackercat test1213145 fengjixuchui bb33bb killvxk gmh5225 v1cker adedeji-x xp3s retry-later thomasking2014 llxiaoyuan anti-ghosts mssky9527 wbaby sionthanatos hzmslx conanjun zha0 nanaao eagletube 5l1v3r1 daerduotutu922 strauchmann420

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.