Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure

/ We have discovered that the nt!NtQueryInformationProcess system call invoked with the ProcessImageFileName 0x1B information class discloses uninitialized kernel memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. According to the ZwQueryInformationProcess...

Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure

/ We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The paths that we have observed to trigger the leak in our te...

Microsoft Windows - nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation) Kernel 64-bit Stack Memory Disclosure

Microsoft Windows - nt!NtQueryVirtualMemory MemoryPrivilegedBasicInformation Kernel 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryBasicInformation 0x0 and MemoryPrivilegedBasicInformation 0x8 information classes discloses...

LineageOS 14.1 Blueborne Remote Code Execution

Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing purposes ONLY. Code in exp4.py More info in...

Windows Kernel 64-bit stack memory disclosure in nt!KiDispatchException(CVE-2018-0897)

We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a EXCEPTIONRECORD structure to user-mode memory while passing execution to a user-mode exception handler. The vulnerability affects 64-bit versions of Windows 7 to 10. The leak was originally...

Windows Kernel 64-bit stack memory disclosure in win32k!PROXYPORT::SendRequest(CVE-2018-0814)

We have discovered that the win32k!PROXYPORT::SendRequest function sends ALPC messages with portions of uninitialized memory from the local stack frame on Windows 7 64-bit other versions were not tested. The message is 0x20 bytes long, 8 of which are uninitialized. The layout of the memory area i...

Windows Kernel 64-bit stack memory disclosure in msrpc!LRPC_CASSOCIATION::AlpcSendCancelMessage(CVE-2018-0896)

We have discovered that the msrpc!LRPCCASSOCIATION::AlpcSendCancelMessage function sends an ALPC message with portions of uninitialized memory from the local stack frame on Windows 7 64-bit other versions were not tested. The message is 0x18 bytes long, 8 of which are uninitialized. The layout of...

Windows Kernel 64-bit stack memory disclosure in win32k!XDCOBJ::RestoreAttributes(CVE-2018-0811)

We have discovered that the win32k!XDCOBJ::RestoreAttributes function leaks portions of uninitialized kernel stack memory to user-mode address space on Windows 7 to 10. It was confirmed on 64-bit platforms, 32-bit builds were not tested. The overall copied memory area is 0x1a0 bytes long, 4 of...

Microsoft Windows Kernel - NtQueryInformationThread(ThreadBasicInformation) 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - NtQueryInformationThreadThreadBasicInformation 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to...

Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure

/ We have discovered that the nt!NtWaitForDebugEvent system call discloses portions of uninitialized kernel stack memory to user-mode clients, on 64-bit versions of Windows 7 to Windows 10. The output buffer, and the corresponding temporary stack-based buffer in the kernel are 0xB8 184 bytes in...

Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure

Microsoft Windows Kernel - nt!NtWaitForDebugEvent 64-bit Stack Memory Disclosure / We have discovered that the nt!NtWaitForDebugEvent system call discloses portions of uninitialized kernel stack memory to user-mode clients, on 64-bit versions of Windows 7 to Windows 10. The output buffer, and the...

Microsoft Windows Kernel - nt!KiDispatchException 64-bit Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a EXCEPTIONRECORD structure to user-mode memory while passing execution to a user-mode exception handler. The vulnerability affects 64-bit...

Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure

/ We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The specific layout of the...

Microsoft Windows Kernel - NtQueryInformationThread(ThreadBasicInformation) 64-bit Stack Memory Disc

Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit...

Windows Kernel 64-bit stack memory disclosure in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback)(CVE-2018-0810)

We have discovered that a user-mode callback invoked by the win32k!SfnINLPHELPINFOSTRUCT function via KeUserModeCallback leads to the disclosure of uninitialized stack memory to user-mode clients, due to compiler-introduced structure padding. The vulnerability affects Windows 7 64-bit; other...

Microsoft Windows Kernel - nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a CONTEXT structure to user-mode memory. Two previous bugs in the nearby code area were reported in issues 1177 and 1311 ; in fact, the probl...

Microsoft Windows Kernel - nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure

Microsoft Windows Kernel - nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure / We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a CONTEXT structure to user-mode memory. Two previous bugs in the nearby code area were reported in issues 1177 a...

Microsoft Windows Kernel - 'nt!RtlpCopyLegacyContextX86' Stack Memory Disclosure

/ We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a CONTEXT structure to user-mode memory. Two previous bugs in the nearby code area were reported in issues 1177 and 1311 ; in fact, the problem discussed here appears to be a variant of 1177 b...

CVE-2017-17166

Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a...

Denial of service

Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a...