Merge pull request #90 from carrot-c4k3/master

Add details about Game Script UWP exploit
xboxoneresearch · Jun 8, 2024 · 4b870f4 · 4b870f4
2 parents a5c11ff + 9926694
commit 4b870f4
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/docs/exploits/game-script-code-exec.md b/docs/exploits/game-script-code-exec.md
@@ -0,0 +1,22 @@
+# Code Execution via Game Script UWP App
+
+## Metadata
+|                              |                                       |
+| ---------------------------- | ------------------------------------- |
+| Release date                 | 08.06.2024                            |
+| Author                       | carrot_c4k3                           |
+| Classification               | Code execution                        |
+| Patched                      | No                                    |
+| Patch date                   | N/A                                   |
+| First patched system version | N/A                                   |
+| Source                       | [Github](https://gist.github.com/carrot-c4k3/10fdb4f3d11ca568f5452bbaefdc20dd) |
+| Download                     | N/A                                   |
+
+## Info
+The ["Game Script" application](https://apps.microsoft.com/detail/9pb1gw72nv4w) available on the Microsoft store allows writing and executing scripts in a custom language. This language exposes arbitrary memory read/write functionality, which can be used to achieve arbitrary native code execution.
+
+## Prerequisites
+- [Game Script](https://apps.microsoft.com/detail/9pb1gw72nv4w)
+
+## Instructions
+Launch Game Script and input the Proof-of-Concept found on [Github](https://gist.github.com/carrot-c4k3/10fdb4f3d11ca568f5452bbaefdc20dd).
diff --git a/docs/security/exploits.md b/docs/security/exploits.md
@@ -10,6 +10,7 @@
 - [SystemOS Remote Code Execution - Xbox Live Messaging / WinJS injection](../exploits/ms-xdash-js-injection.md) (XX.XX.2019)
 - [Browser access while offline](../exploits/browser-access-while-offline.md)
 - [ECC Curveball - TLS certificate spoofing (CVE-2020-0601)](../exploits/ecc-curveball-cve-2020-0601.md) (December 2019)
+- [Code Execution via Game Script UWP App](../exploits/game-script-code-exec.md) (08.06.2024)
 
 ### Development mode
 - [SystemOS Elevation of privileges via Artifice (automation tool) using vulnerability in OpenSSH service](../exploits/artifice-devmode-elevation.md) (10.09.2023)