Recently, the ICEWALL on the blog the release of CVE-2 0 1 4-4 1 1 5 discussion:
Describes this vulnerability in detail, a malicious fat32 format U-disk, can cause the windows kernel to crash.
We look at what is going on.
First, let's look at the FAT32 data structure, the following figure shows the FAT32 Boot Sector format:
The segment data is located in the first sector. More about the fat32 data structure and each field meanings, please refer to the official documentation:
Icewall in the blog mentioned, modified 10H offset at the FAT Count value can cause a blue screen.
We use 0 1 0 Editor open a U disk, modify the here 0 2 is 0x77: the