Break me out of sandbox in old pipe CVE 2022 22715 Windows Dirty Pipe

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/windows-exploit-research/Break me out of sandbox in old pipe - CVE-2022-22715 Windows Dirty Pipe.md.

Status: integrated Integrated into: CVE-2022-22715

Excerpt

In February 2022, Microsoft patched the vulnerability I used in TianfuCup 2021 for escaping Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in Named Pipe File System nearly 10 years since the AppContainer was born. We called it “Windows Dirty Pipe”. In this article, I will share the root cause and expl…