123 matches found
DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM
/ deslock-list-zero-v2.c Copyright c 2008 by DESlock+ include include include define DLMFENCIOCTL 0x0FA4204C define DLMFENCFLAG 0xC001D00D define DLKFDISKRIOCTL 0x80002008 define DLKFDISKSLOT 0x00000C5C define ARGSIZEa a/sizeof void static unsigned char win32fixup = "\x53" "\xeb\x0e" / fixupcopy ...
DESlock+ < 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)
/ deslock-list-zero.c Copyright c 2008 by DESlock+ include include define DLMFENCIOCTL 0x0FA4204C define DLMFENCFLAG 0xDEADBEEF define ZEROMEM 0xDEADBEEF define ARGSIZEa a-sizeof int2/sizeof void struct ioctlreq int flag; int reqnum; void argARGSIZE0x20; ; int main int argc, char argv struct...
Safenet IPSecDrv.sys <= 10.4.0.12 Local kernel ring0 SYSTEM Exploit
No description provided by source. / safenet-ipsec-call.c Copyright c 2008 by [email protected] Safenet IPSecDrv.sys = 10.4.0.12 local kernel ring0 indirect call SYSTEM exploit by mu-b - Thu 03 Jan 2008 - Tested on: IPSecDrv.sys 10.4.0.12...
SafeNet 10.4.0.12 - IPSecDrv.sys Local kernel Ring0 SYSTEM
SafeNet 10.4.0.12 - IPSecDrv.sys Local kernel Ring0 SYSTEM / safenet-ipsec-call.c Copyright c 2008 by Safenet IPSecDrv.sys include include include define IPSECDRVIOCTL 0x80002064 define ARGSIZEa a/sizeof void static unsigned char win32fixup = "\x53" "\x52"; static unsigned char win2k3ring0shell =...
Safenet IPSecDrv.sys <= 10.4.0.12 Local kernel ring0 SYSTEM Exploit
Exploit for unknown platform in category local exploits =================================================================== Safenet IPSecDrv.sys Safenet IPSecDrv.sys include include include define IPSECDRVIOCTL 0x80002064 define ARGSIZEa a/sizeof void static unsigned char win32fixup = "\x...
SafeNet 10.4.0.12 - 'IPSecDrv.sys' Local kernel Ring0 SYSTEM
/ safenet-ipsec-call.c Copyright c 2008 by Safenet IPSecDrv.sys include include include define IPSECDRVIOCTL 0x80002064 define ARGSIZEa a/sizeof void static unsigned char win32fixup = "\x53" "\x52"; static unsigned char win2k3ring0shell = / ring0 / "\xb8\x24\xf1\xdf\xff" "\x8b\x00"...
MS Windows Mailslot Ring0 Memory Corruption Exploit (MS06-035)
No description provided by source. include stdio.h include windows.h include winsock.h / Microsoft SRV.SYS Mailslot Ring0 Memory CorruptionMS06-035 Exploit by cocoruderfrankruderathotmail.com,2006.7.19 page:http://ruder.cdut.net / unsigned char SmbNeg = "\x00\x00\x00\x2f\xff\x53\x4d\x42\x72\x00"...
Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit
No description provided by source. / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any...
norton-local.txt
/ Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any user. As result, a user can send a...
Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit
Exploit for unknown platform in category local exploits ========================================================= Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit ========================================================= / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstrac...
Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028
/ Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any user. As result, a user can send a...
SafeNet High Assurance Remote 1.4.0 - IPSecDrv.sys Remote Denial of Service
SafeNet High Assurance Remote 1.4.0 - IPSecDrv.sys Remote Denial of Service / safenet-dos.c SafeNet HighAssurance Remote 1.4.0 Ring0 DoS win32 by John Anderson mu-b - Mar 2006 - June 2007 - Tested on: SafeNet HighAssurance Remote 1.4.0 Build 12 win32 Kernel level Ring0 DoS in IPv6 support of...
SafeNet High Assurance Remote 1.4.0 - 'IPSecDrv.sys' Remote Denial of Service
/ safenet-dos.c SafeNet HighAssurance Remote 1.4.0 Ring0 DoS win32 by John Anderson mu-b - Mar 2006 - June 2007 - Tested on: SafeNet HighAssurance Remote 1.4.0 Build 12 win32 Kernel level Ring0 DoS in IPv6 support of IPSecDrv.sys causes an infinite loop in searching option headers 0x1000BEB0. Thi...
Breakthrough Proactive Defense registry monitoring review(updated)-vulnerability warning-the black bar safety net
Currently active Defense concept has been firmly established, many antivirus, software, fire protection, and HIPS are having a registry monitoring function, to prevent from startup items and IE-related key value is modified, to guard against viruses Trojans and malware and other malicious program...
[Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities.
Trend Micro Products Multiple Local Privilege Escalation Vulnerabilities Discovered by: Rubйn Santamarta [email protected] Affected products: Client / Server / Messaging Security for SMB – 3.5 PC-cillin Internet Security - 2007, Trend Micro AntiVirus – 2007 Trend Micro Anti-Spyware for SMB –...
Symantec AntiVirus - IOCTL Kernel Privilege Escalation (1)
Symantec AntiVirus - IOCTL Kernel Privilege Escalation 1 / source: https://www.securityfocus.com/bid/20360/info Symantec AntiVirus is prone to a privilege-escalation vulnerability. Local attackers can exploit this issue to corrupt memory and execute arbitrary code with kernel-level privileges...
Symantec AntiVirus - IOCTL Kernel Privilege Escalation (2)
// source: https://www.securityfocus.com/bid/20360/info // Symantec AntiVirus is prone to a privilege-escalation vulnerability. // Local attackers can exploit this issue to corrupt memory and execute arbitrary code with kernel-level privileges. Successful exploits may facilitate a complete system...
ms06-035-coco.txt
include include include / Microsoft SRV.SYS Mailslot Ring0 Memory CorruptionMS06-035 Exploit by cocoruderfrankruderathotmail.com,2006.7.19 page:http://ruder.cdut.net / unsigned char SmbNeg = "\x00\x00\x00\x2f\xff\x53\x4d\x42\x72\x00"...
Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)
Microsoft Windows - Mailslot Ring0 Memory Corruption MS06-035 include include include / Microsoft SRV.SYS Mailslot Ring0 Memory CorruptionMS06-035 Exploit by cocoruderfrankruderathotmail.com,2006.7.19 page:http://ruder.cdut.net / unsigned char SmbNeg = "\x00\x00\x00\x2f\xff\x53\x4d\x42\x72\x00"...
Microsoft Windows XP2000 - Mrxsmb.sys Local Privilege Escalation (MS06-030)
Microsoft Windows XP2000 - Mrxsmb.sys Local Privilege Escalation MS06-030 /////////////////////////////////////////////////////////////////////////////////////// // Mrxsmb.sys XP & 2K Ring0 Exploit 6/12/2005 // Tested on XP SP2 && 2K SP4 // Disable ReadOnly Memory protection //...