{"uuid": "92ce62ad-4a0f-48bc-85e6-bb42241f9ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "seen", "source": "https://t.me/securixy_kz/715", "content": "\u0412\u044b\u0448\u0435\u043b Sysmon 14.13 (\u0437\u0430\u043a\u0440\u044b\u0442\u0430 #CVE-2022-41120 CVSS:3.1 7.8/6.8).\n\ud83d\udd17 https://techcommunity.microsoft.com/t5/sysinternals-blog/active-directory-explorer-v1-52-contig-v1-82-and-sysmon-v14-13/ba-p/3685500\n\n\u041f\u043e\u0442\u043e\u0440\u043e\u043f\u0438\u0442\u0435\u0441\u044c \u0438\u0431\u043e PoC \u0442\u0430\u043a \u0436\u0435 \u0432\u044b\u0448\u0435\u043b!\nHere is #PoC for CVE-2022-41120  https://t.co/oXkBYi4bWk. I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\ud83d\udd17 https://github.com/Wh04m1001/SysmonEoP", "creation_timestamp": "2026-07-13T00:00:37.169969Z"}