234 matches found
CVE-2004-1718
The ZwOpenSection function in Integrity Protection Driver IPD 1.4 and earlier allows local users to cause a denial of service crash via an invalid pointer in the "oa" argument...
CVE-2004-1718
The CVE-2004-1718 entry concerns Integrity Protection Driver (IPD) versions 1.4 and earlier. Affected component: ZwOpenSection function. Root cause: an invalid pointer in the oa argument can be exploited by a local attacker, causing a crash (denial of service). Impact is described as local denial...
IPD (Integrity Protection Driver) - Denial of Service
/ ipd-dos.c Copyright c 2002-2004 By Next Generation Security S.L. All rights reserved Compiles with: cl ipd-dos.c Madrid, August 2004 / include define MYNULL 0x01 typedef DWORD zwopensectionTYPEDWORD Handle, DWORD mask, DWORD oa; int mainint argc, char argv HINSTANCE dll; zwopensectionTYPE...
IPD (Integrity Protection Driver) - Denial of Service
IPD Integrity Protection Driver - Denial of Service / ipd-dos.c Copyright c 2002-2004 By Next Generation Security S.L. All rights reserved Compiles with: cl ipd-dos.c Madrid, August 2004 / include define MYNULL 0x01 typedef DWORD zwopensectionTYPEDWORD Handle, DWORD mask, DWORD oa; int mainint...
IPD (Integrity Protection Driver) Local Exploit
Exploit for unknown platform in category local exploits =============================================== IPD Integrity Protection Driver Local Exploit =============================================== / ipd-dos.c Copyright c 2002-2004 By Next Generation Security S.L. All rights reserved Compiles wit...
CVE-2004-1718
The ZwOpenSection function in Integrity Protection Driver IPD 1.4 and earlier allows local users to cause a denial of service crash via an invalid pointer in the "oa" argument...
CVE-2003-1233
Pedestal Software Integrity Protection Driver IPD 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to 1 \Device\PhysicalMemory or 2 to a drive letter...
CVE-2003-1246
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver IPD 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command...
PT-2003-2178 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Pedestal Software Integrity Protection Driver IPD versions 1.3 and earlier Description: The issue allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel. This is achieved by using the...
Another way to bypass Integrity Protection Driver ('subst' vuln)
Another Way To Bypass Pedestal Software Integrity Protection Driver 'subst' vulnerability Jan K. Rutkowski [email protected] About IPD ---------- IPD is an Open Source program to protect Windows 2000 kernel integrity. Check the following page for more info:...
Pedestal Software Security Notice
Product: Integrity Protection Driver IPD Version: 1.3 and earlier Subject: New Integrity Protection Driver IPD Available Date: January 3, 2003 Solution: Upgrade to version 1.4 SUMMARY The Integrity Protection Driver IPD is an open source kernel driver for Windows NT and Windows 2000 that attempts...
CVE-2002-2126
restrictEnabled in Integrity Protection Driver IPD 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time...
CVE-2002-2127
Integrity Protection Driver IPD 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink...
Loading Rootkit using SystemLoadAndCallImage
Greets, For a while there has been a thread on NTBUGTRAQ about kernel-mode protection from rootkits. This is good - the whole point of our rootkit.com project is to get people thinking about the problem. For example, there is now an ANTI-Rootkit called Integrity Protection Driver from Pedestal...