PoC for an LPE bug in the Xbox gaming service
When the service is started and a user logs in, gamingservice spawns an xgamehelper.exe process in the context of the low-privileged user and leaks a privileged process handle into the new process.
As this bug can be abused only after a reboot, COM hijacking is performed to inject a DLL into the xgamehelper process:
reg add "HKCU\Software\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InprocServer32" /ve /t REG_SZ /d "c:\exploit\dll1.dll" /f
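
For defenders, the registry write above is the observable part of this chain. The following is an added detection sketch, not part of the original PoC: it flags per-user InprocServer32 registrations in registry value-set events. The event tuples, the trusted-directory list and the function names are assumptions, and the sample events are constructed.

```python
import re

# CLSID taken from the reg add command on this page.
WATCHED_CLSIDS = {"{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}"}

# Per-user COM registration. HKCU\Software\Classes is stored in the user's
# HKU\<SID>_Classes hive, so audit tools may report either path form.
PER_USER_INPROC = re.compile(
    r"^(?:HKCU\\Software\\Classes|HKU\\S-1-5-21-[\d-]+(?:\\Software\\Classes|_Classes))"
    r"\\CLSID\\(\{[0-9a-f-]{36}\})\\InprocServer32(?:\\\(Default\))?$",
    re.IGNORECASE,
)

# Assumption: DLLs under these directories cannot be replaced without admin rights.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample events as (key path, value data); not captured from a real host.
SAMPLE_EVENTS = [
    (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID"
     r"\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InprocServer32\(Default)",
     r"c:\exploit\dll1.dll"),
    (r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32",
     r"C:\Program Files\Vendor\shellext.dll"),
    (r"HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32",
     r"C:\Windows\System32\example.dll"),
]

def classify(target_object, details):
    """Return a finding dict for a per-user InprocServer32 write, else None."""
    m = PER_USER_INPROC.match(target_object.strip())
    if not m:
        return None  # machine-wide (HKLM) or unrelated key
    clsid = m.group(1).lower()
    dll = details.strip().strip('"').lower()
    reasons = []
    if clsid in WATCHED_CLSIDS:
        reasons.append("clsid-from-poc")
    if not dll.startswith(TRUSTED_PREFIXES):
        reasons.append("dll-in-user-writable-path")
    # Any per-user override deserves review; a matching reason raises severity.
    return {"clsid": clsid, "dll": dll,
            "severity": "high" if reasons else "review", "reasons": reasons}

def scan(events):
    return [f for f in (classify(t, d) for t, d in events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

A per-user registration takes precedence over the machine-wide one for processes running as that user, which is why a write that needs no elevation is worth alerting on.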