Windows Kernel - Pool Buffer Overflow Drawing Caption Bar MS15-061

2015-09-22T00:00:00
ID EDB-ID:38268
Type exploitdb
Reporter Nils Sommer
Modified 2015-09-22T00:00:00

Description

Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061). CVE-2015-1727. DoS exploit for the win32 platform.

Source: https://code.google.com/p/google-security-research/issues/detail?id=321

The PoC triggers a crash due to a pool buffer overflow while drawing the caption bar of a window. The trigger depends on the current window layout and resolution. The PoC takes an offset on the command line to be able to test with different values; I tested this on two different Win7 32-bit VMs and had success with 0 and 475000 (resolution was 1024x768 and 1280x1024). A brute-force Python script is also attached which should trigger a crash fairly quickly.

Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38268.zip