The recent discovery of a windows overflow 0day demo-vulnerability warning-the black bar safety net

ID MYHACK58:62201026165
Type myhack58
Reporter 佚名
Modified 2010-02-08T00:00:00


by Langouster

Windows overflow vulnerability

  1. This vulnerability for Windows somewhere on the design defect cause, should be early Windows legacy issues, the details will not say

  2. Affected by this vulnerability the code quite a bit, have Microsoft The there are also third party; The vulnerability could trigger the consequences may be a heap overflow or stack overflow, currently found in the whole of stack overflow; Affected by this vulnerability, the code may be Ring3 may also be Ring0,the overflow after the success obtained permission to also have difference; This vulnerability is the use of the permission itself is not required, but I currently only can be found in the administrator privileges of use of the method.

  3. Discovery of this vulnerability date:2010-01-24 two weeks ago.... and

  4. This demonstrates the use of a Ring0 code vulnerability, you can perform the Ring0 code, The following is the use of shellcode

volatile __declspec(naked) VOID MyShellcode(VOID) { __asm { push ebp; mov ebp,esp; sub esp,1 0 0;

//Here write the shellcode section,below just a simple example of shellcode,not aggressive,just print the character,intended to illustrate may be the stack implementation code //--------------------------------------- Lable1: //Print string Overflow By Langouster\n mov dword ptr [esp],'revO'; mov dword ptr [esp+4],'wolf'; mov dword ptr [esp+8],' yB '; mov dword ptr [esp+1 2],'gnaL'; mov dword ptr [esp+1 6],'tsuo'; mov dword ptr [esp+2 0],'\nre'; push esp; mov eax,DbgPrint; call eax; add esp,4; jmp Lable1;


DoLoop: jmp DoLoop;

} }

  1. This is just a simple demo,you can also implement other more features

  2. Affect the system:currently testing the following systems are affected, other systems not tested does not represent there is no vulnerability. (1). Windows 2 0 0 0 sp3, Windows 2 0 0 0 sp4 (2). Windows XP sp3 (3). Windows 2 0 0 3 (4). Vista, Vista sp1, Vista sp2 (5). Windows 2 0 0 8 (6). Windows 7 7 6 0 0

by Langouster