5 matches found
PT-2023-18586 · Insyde · InsydeH2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel versions 5.0 through 5.5
Description: An issue was discovered in IhisiSmm that allows writing to an attacker-controlled address. This can be achieved by invoking an SMI handler with a malformed pointer in RCX that...
Insyde InsydeH2O Buffer Error Vulnerability
Insyde InsydeH2O is C-language source code from Insyde Corporation of Taiwan that implements the new "EFI/UEFI" technology specification, designed to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 to 5.5, which...
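Microsoft Word Malformed Pointer Code Execution Vulnerability
Microsoft Word is a very popular word-processing office application. Word has a vulnerability in how it handles malformed files, which a remote attacker may exploit to execute arbitrary instructions on the user's machine. The data Word uses to create the destination address for a memory copy routine is embedded in the Word document itself, so if an attacker creates a Word document that builds this destination address from specific values, arbitrary memory may be overwritten, leading to execution of arbitrary instructions. This vulnerability is currently being actively exploited. Microsoft Word XP, Microsoft Word Viewer 2003, Microsoft Word v.X for Mac, Microsoft Word 2003, Microsoft Word 2000...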
Microsoft Word Document - Malformed Pointer (PoC)
Microsoft Word Document - Malformed Pointer PoC ===== The file I have attached is a very basic two stage bug. Stage 1: the first mod forces the code down a wrong path. The second mod by itself is harmless; however, when used with the first it will be the first and part of the second overwrite. I...
Microsoft Word Document - Malformed Pointer (PoC)
===== The file I have attached is a very basic two stage bug. Stage 1: the first mod forces the code down a wrong path. The second mod by itself is harmless; however, when used with the first it will be the first and part of the second overwrite. I have used 41414141 as a marker to make it easier f...