MS14-063 (CVE-2014-4115) FAT32 driver kernel overflow analysis

2014-12-07T00:00:00
ID MYHACK58:62201456679
Type myhack58
Reporter Anonymous
Modified 2014-12-07T00:00:00

Description

Background

Recently, a discussion of CVE-2014-4115 was published on the Icewall blog:

http://www.icewall.pl/?p=680&lang=en

It describes the vulnerability in detail: a malicious FAT32-formatted USB drive can cause the Windows kernel to crash.

Let's look at what is going on.

BSOD

First, let's look at the FAT32 data structure. The following figure shows the FAT32 boot sector format:

[Picture 1: FAT32 boot sector format]

This data is located in the first sector. For more about the FAT32 data structure and the meaning of each field, please refer to the official documentation:

<http://www.ntfs.com/fat-partition-sector.htm>

Icewall mentions in the blog post that modifying the FAT count value at offset 10h can cause a blue screen.
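A triage check for the field discussed above, as an added example (not code from the original article or from Icewall's post): it parses a boot sector and flags a FAT count at offset 0x10 that is not 1 or 2. Treating 1 or 2 as the expected values, the function names, the extra sanity checks and the sample sector are all assumptions constructed for illustration.

```python
import struct

SECTOR_SIZE = 512

def parse_bpb(sector: bytes) -> dict:
    """Decode the FAT32 BIOS Parameter Block fields used by the checks."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte boot sector")
    # 0x0B bytes/sector, 0x0D sectors/cluster, 0x0E reserved sectors, 0x10 FAT count
    bps, spc, reserved, num_fats = struct.unpack_from("<HBHB", sector, 0x0B)
    # 0x20 total sectors (32-bit), 0x24 sectors per FAT (32-bit)
    total, fat_size = struct.unpack_from("<II", sector, 0x20)
    return {"bytes_per_sector": bps, "sectors_per_cluster": spc,
            "reserved": reserved, "num_fats": num_fats,
            "total_sectors": total, "fat_size": fat_size,
            "signature": sector[510:512]}

def check_boot_sector(sector: bytes) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    bpb = parse_bpb(sector)
    findings = []
    if bpb["signature"] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    if bpb["bytes_per_sector"] not in (512, 1024, 2048, 4096):
        findings.append(f"bytes per sector {bpb['bytes_per_sector']} is invalid")
    # Assumption of this example: normally formatted volumes carry 1 or 2 FATs.
    if bpb["num_fats"] not in (1, 2):
        findings.append(f"FAT count at offset 0x10 is {bpb['num_fats']:#04x}, expected 1 or 2")
    fat_area = bpb["reserved"] + bpb["num_fats"] * bpb["fat_size"]
    if fat_area >= bpb["total_sectors"]:
        findings.append("reserved area plus FATs does not fit in the volume")
    return findings

def build_sample_sector(num_fats: int = 2) -> bytes:
    """Constructed 512-byte sample sector (not read from a real device)."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x58\x90"          # jump instruction
    s[3:11] = b"MSDOS5.0"             # OEM name
    struct.pack_into("<HBHB", s, 0x0B, 512, 8, 32, num_fats)
    s[0x15] = 0xF8                    # media descriptor
    struct.pack_into("<II", s, 0x20, 2_000_000, 1954)
    s[0x52:0x5A] = b"FAT32   "        # file system type label
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    for count in (0x02, 0x77):
        print(hex(count), check_boot_sector(build_sample_sector(count)))
```

To inspect a real volume, pass the first 512 bytes of a raw image file to `check_boot_sector` instead of the constructed sample.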

We open a USB drive with 010 Editor and change the value here from 02 to 0x77:
