Windows Kernel - UserCommitDesktopMemory Use-After-Free MS15-073

2015-09-22T00:00:00
ID EDB-ID:38267
Type exploitdb
Reporter Nils Sommer
Modified 2015-09-22T00:00:00

Description

Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073). CVE-2015-2365. DoS exploit for win32 platform.

Source: https://code.google.com/p/google-security-research/issues/detail?id=335

Freed memory is accessed after switching between two desktops, one of which is closed. The testcase crashes with and without special pool enabled. The attached crash output is with special pool enabled on win32k.sys and ntoskrnl.sys.

Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38267.zip