UAC bypass:
Copy payload dll (IFileOperation) as C:\Windows\System32\wbem\wbemcomn.dll then run diskmgmt.msc
Essence: diskmgmt invokes start of vds service (NT AUTHORITY\SYSTEM), that loads the dll.
Also the dll could be used for persistence (via WmiPrvSE.exe), but I'm not sure.
GOG Galaxy. I almost forgot about this research by now (it was year ago), but the recent news about Cyberpunk 2077 reminded me that I haven’t publicly shared my research.
Rus - https://t.co/DCa049ev3R
Eng - https://t.co/MDzjzazYqT
Writeup for third Steam vulnerability. #PublicDisclosure but not #0day this time, already patched.
Rus - https://t.co/DZssv8qbde
Eng - https://t.co/yrQc6yZb7l