275 matches found
CVE-2016-4025
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email...
CVE-2016-4025
CVE-2016-4025 affects multiple Avast products (e.g., Internet Security, Pro Antivirus, Premier, Free Antivirus, Business/Endpoint Protection variants, and related suites) and is described as a security bypass of the DeepScreen feature. The vulnerability is triggered via a DeviceIoControl call, al...
NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation
Exploit for windows platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=880 The \\.\UVMLiteController device is created by the nvlddmkm.sys driver, and can be opened by any user. The driver handles various control codes for this device, but there...
NVIDIA Driver - UVMLiteController ioctl Handling Unchecked InputOutput Lengths Privilege Escalation
NVIDIA Driver - UVMLiteController ioctl Handling Unchecked InputOutput Lengths Privilege Escalation / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=880 The \\.\UVMLiteController device is created by the nvlddmkm.sys driver, and can be opened by any user. The driver handles...
Denial of Service Vulnerability in Hitman Pro 3.7
Hitman Pro is an anti-spyware virus program. A denial of service vulnerability exists in Hitman Pro 3.7. In the driver for Hitman Pro 3.7, the driver's buffer pointer passed in from the application layer after calling DeviceIoControl is not tested to see if memory space is claimed, resulting in a...
XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC
Exploit for windows platform in category dos / poc Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt 1. Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation...
Windows - CNG.SYS Kernel Security Feature Bypass PoC (MS15-052)
Exploit for windows platform in category local exploits // Source: http://www.binvul.com/viewthread.php?tid=508 // Source: https://twitter.com/NTarakanov/status/598370525132423168 include include include pragma commentlib, "ntdll.lib" int mainint argc, CHAR argv typedef NTSTATUS stdcall...
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052)
// Source: http://www.binvul.com/viewthread.php?tid=508 // Source: https://twitter.com/NTarakanov/status/598370525132423168 include include include pragma commentlib, "ntdll.lib" int mainint argc, CHAR argv typedef NTSTATUS stdcall NTOPENFILEOUT PHANDLE FileHandle, IN ACCESSMASK DesiredAccess, IN...
Windows-NDPROXY-SYSTEM
Original crash ... null pointer dereference Access violation - code c0000005 !!! second chance !!! 00000038 ?? ??? NDPROXY Local SYSTEM privilege escalation from ctypes import from ctypes.wintypes import import os, sys kernel32 = windll.kernel32 ntdll = windll.ntdll GENERICREAD = 0x80000000...
Integer overflow
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW...
CVE-2010-5075
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW...
CVE-2014-7136
Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...
Heap overflow
Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call...
AhnLab V3 Internet Security 8.0 <= 1.2.0.4 - Privilege Escalation Vulnerability
No description provided by source. AhnLab V3 Internet Security 8.0 with AhnRec2k.sys <= 1.2.0.4 Local Kernel Mode Privilege Escalation Vulnerability AUTHOR MJ0011 EMAIL thdecoder $ 126.com VULNERABLE PRODUCTS AhnLab V3 Internet Security = 8.0.3.28?build 746 DETAILS: AhnRec2k.sys create a device...
Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609 (2010.5.23) - Kernel Mode Local Priv. Escalation
No description provided by source. / Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609 (2010.5.23) Kernel Mode Local Privilege Escalation Vulnerability VULNERABLE PRODUCTS Kingsoft WebShield = 3.5.1.2 2010.5.23 Signature Date: 2010-5-23 2:33:54 And KAVSafe.sys <= 2010.4.14.609 Signature Date: 2010-4-14...
Avast! Antivirus <= 4.8.1356 'aswRdr.sys' Driver Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37031/info Avast! Antivirus is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected compute...
VMware Workstation <= 7.1.1 VMkbd.sys Denial of Service Exploit
No description provided by source. #!/usr/bin/python Title: VMware Workstation <= 7.1.1 VMkbd.sys Denial of Service Exploit Author: Lufeng Li of Neusoft Corporation Vendor: www.vmware.com Platform: Windows Vista Tested: VMware Workstation v7.1.1 build-282343 Vulnerable: VMware Workstation <= 7.1.1...
Windows NDPROXY - Local Privilege Escalation Vulnerability (MS14-002)
Root cause: this is a Windows kernel vulnerability. Triggering it requires the Routing and Remote Access service to be enabled, and it affects Windows XP and Windows 2003. First, the PoC: c include include int main HANDLE hDev = CreateFile"\\.\NDProxy", GENERICREAD | GENERICWRITE, FILESHAREREAD | FILESHAREWRITE, NULL, OPENEXISTING , 0, NULL; ifhDev==INVALIDHANDLEVALUE printf"CreateFile...
DESlock+ <= 3.2.7 (probe read) Local Kernel Denial of Service PoC
No description provided by source. / deslock-probe-read.c Copyright c 2008 by [email protected] DESlock+ <= 3.2.7 local kernel DoS POC by mu-b - Sat 19 Jul 2008 - Tested on: DLMFENC.sys 1.0.0.28 call to ProbeForRead with a user-definable address that is eventually overwritten should have been...