tag: exploit

CVE-2023-40477 Root Cause Analysis

14 Sep, 2023 - 23 minutes
CVE-2023-40477

I’ve recently been looking at N-day vulnerabilities in Windows software in an attempt to hone my reverse engineering and exploit development skills. Last month, I read about an interesting bug in WinRAR version 6.22 and below which could result in remote code execution. This bug was assigned CVE-2023-40477. It was discovered by Zero Day Initiative. When I started, all the information I had to go on came from the ZDI page:

Diving Into QueueJumper

1 Jun, 2023 - 27 minutes
Background

Check Point Research recently disclosed three security bugs in the Microsoft Windows MSMQ service. The most critical bug disclosed was CVE-2023-21554. They’ve named this bug QueueJumper and claim that it can result in unauthenticated remote code execution. Recently, a few coworkers discovered some vulnerable systems on their network penetration tests and were trying to find public exploits for this bug. The best they were able to find was this PoC on Github.

Bypassing SMEP

15 Nov, 2022 - 17 minutes
Background

I’m currently taking Offensive Security’s PEN-401 course and studying for their OSEE exam. One concept I’ve been learning about is Supervisor Mode Execution Prevention (SMEP). I found it to be one of the more confusing topics to learn, so I thought I’d try to explain how it works to help fill my own knowledge gaps and better solidify my own understanding.

Supervisor Mode Execution Prevention (SMEP)

Supervisor mode execution prevention is an exploit mitigation feature built into some CPUs.

Chakra Type Confusion

25 Jun, 2022 - 51 minutes
Introduction

I’m taking Offensive Security’s PEN-401 course this summer in an attempt to earn my OSEE certification. It’s the most difficult and most technical course they currently offer. I really enjoyed earning my OSCE and OSED certifications through them and I figured some day I would make an attempt at the OSEE. I wasn’t expecting to go for it in 2022, but they reached out to me with an available spot and I couldn’t pass up the chance.

Hacking Ham Radio: RCE in WinAPRS

25 May, 2022 - 8 minutes
In early 2021 I took an Offensive Security course to earn my Offensive Security Exploit Developer certification. This course taught me a lot about exploiting memory corruption vulnerabilities in Windows 32-bit programs. It was also a lot of fun. Aside from security things, I also dabble in ham radio. Most of my experience with ham radio has been through the use of packet radio and other digital modes. Rather than talking to people over the air using voice, I’m sending and receiving data through a computer over the airwaves.