bitsadmin
commented
5 years ago Thanks for your feedback!
As wes-ng collects information from various sources, including exploit links from Mitre's CVE database hosted at NVD (https://nvd.nist.gov/), there is indeed not much we can do about it in the code of wes-ng.
To complement the information regarding the 2 CVEs you mentioned, you can submit the exploit links at https://cveform.mitre.org/. This updated information will then be propagated to NVD and be included in the future definitions update of wes-ng.
Hi,
this is not really an issue in the code. There are currently at minimum 2 exploits missing for CVE-2019-1129 and CVE-2019-1130. That was the fix for the latest sandboxescaper CVE-2019-0841 Bypass vulnerability from july.
One way to exploit this is here (Race Condition, so multiple cores needed): https://github.com/SecureThisShit/SharpByeBear
Greetings