CVE-2024-38100

The Windows File Explorer is affected by a privilege escalation issue, which allows attackers to gain access to a user's NetNTLM hash from any session on the computer, even with low-privileged user rights. This issue is related to unnecessary permissions being set in Access Security when explorer.exe is running at a High Integrity Level. The issue is exploited by bypassing security controls using cross-session activation of the ShellWindows DCOM application. Vulnerable software: Windows File Explorer Vulnerable versions: Not specified, but patched in KB5040434 Exploit is available at: https://github.com/MzHmO/LeakedWallpaper and https://github.com/Florian-Hoth/CVE-2024-38100-RCE-POC #WindowsFileExplorer #ElevationOfPrivilege #LeakedWallpaper #DCOM #LocalPrivilegeEscalation #Micropatches #KB5040434 #FakePotato #ShellWindows