From 992669430de69598b5e99d07ac469669b2cbd0f3 Mon Sep 17 00:00:00 2001 From: carrot-c4k3 Date: Sat, 8 Jun 2024 14:51:33 -0700 Subject: [PATCH] added details about game script uwp code exec exploit --- docs/exploits/game-script-code-exec.md | 22 ++++++++++++++++++++++ docs/security/exploits.md | 1 + 2 files changed, 23 insertions(+) create mode 100644 docs/exploits/game-script-code-exec.md diff --git a/docs/exploits/game-script-code-exec.md b/docs/exploits/game-script-code-exec.md new file mode 100644 index 0000000..537447c --- /dev/null +++ b/docs/exploits/game-script-code-exec.md @@ -0,0 +1,22 @@ +# Code Execution via Game Script UWP App + +## Metadata +| | | +| ---------------------------- | ------------------------------------- | +| Release date | 08.06.2024 | +| Author | carrot_c4k3 | +| Classification | Code execution | +| Patched | No | +| Patch date | N/A | +| First patched system version | N/A | +| Source | [Github](https://gist.github.com/carrot-c4k3/10fdb4f3d11ca568f5452bbaefdc20dd) | +| Download | N/A | + +## Info +The ["Game Script" application](https://apps.microsoft.com/detail/9pb1gw72nv4w) available on the Microsoft store allows writing and executing scripts in a custom language. This language exposes arbitrary memory read/write functionality, which can be used to achieve arbitrary native code execution. + +## Prerequisites +- [Game Script](https://apps.microsoft.com/detail/9pb1gw72nv4w) + +## Instructions +Launch Game Script and input the Proof-of-Concept found on [Github](https://gist.github.com/carrot-c4k3/10fdb4f3d11ca568f5452bbaefdc20dd). diff --git a/docs/security/exploits.md b/docs/security/exploits.md index 78f8ac5..0f66dda 100644 --- a/docs/security/exploits.md +++ b/docs/security/exploits.md 
@@ -10,6 +10,7 @@ - [SystemOS Remote Code Execution - Xbox Live Messaging / WinJS injection](../exploits/ms-xdash-js-injection.md) (XX.XX.2019) - [Browser access while offline](../exploits/browser-access-while-offline.md) - [ECC Curveball - TLS certificate spoofing (CVE-2020-0601)](../exploits/ecc-curveball-cve-2020-0601.md) (December 2019) +- [Code Execution via Game Script UWP App](../exploits/game-script-code-exec.md) (08.06.2024) ### Development mode - [SystemOS Elevation of privileges via Artifice (automation tool) using vulnerability in OpenSSH service](../exploits/artifice-devmode-elevation.md) (10.09.2023)
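Review bot: In the new docs/exploits/game-script-code-exec.md, the Info section says the script language's memory read/write "can be used to achieve arbitrary native code execution" but never states the context that code runs in (privilege level, sandbox, which part of the system), so a reader cannot judge impact or compare it with the other entries. Add one sentence on scope to Info. In the Metadata table, "Patched | No" has no as-of date or tested system/app version, and Prerequisites lists only the app itself; recording the versions the author tested would let the status be re-checked later. Source and Instructions both link the same gist without pinning a revision, so what the page points to can change after merge. Minor: "Github" should read "GitHub".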
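Review bot: In docs/security/exploits.md the new entry is appended to the list that sits above "### Development mode", but the linked page never says which mode the issue applies to, so the placement cannot be confirmed from this patch. State the required mode in the new page's Prerequisites, or move the entry under "### Development mode" if that is where it belongs. The date "(08.06.2024)" is also ambiguous as day/month versus month/day and sits directly after an entry dated "(December 2019)"; the commit date (8 Jun 2024) shows it is day.month, so a form such as 2024-06-08 or "June 2024" would remove the guesswork.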