
3872 matches found

CNVD
added 2015/10/15 12:0 a.m. | 2 views

Microsoft Windows Kernel Memory Corruption Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. An elevation of privilege vulnerability exists in the kernel of Microsoft Windows. A local attacker can exploit this vulnerability to run arbitrary code in kern...

CVSS 7.2 | AI score 7.2 | EPSS 0.02343
Exploits 0 | References 1

CNVD
added 2015/10/15 12:0 a.m. | 3 views

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2015-06644)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. An elevation of privilege vulnerability exists in the kernel of Microsoft Windows. A local attacker can exploit this vulnerability to run arbitrary code in kern...

CVSS 7.2 | AI score 7.2 | EPSS 0.0189
Exploits 0 | References 1

NVD
added 2015/10/14 1:59 a.m. | 27 views

CVE-2015-2554

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."...

CVSS 7.2 | AI score 6.3 | EPSS 0.03553
Exploits 4 | References 4

Kaspersky
added 2015/10/12 12:0 a.m. | 74 views

KLA10674 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Improper information...

CVSS 9.3 | AI score 7.4 | EPSS 0.69997
Exploits 15 | References 25

seebug.org
added 2015/09/25 12:0 a.m. | 22 views

Windows win32k.sys TTF Font Processing win32k!fsc_BLTHoriz Out-of-Bounds Pool Write

Source: https://code.google.com/p/google-security-research/issues/detail?id=402&can=1 We have encountered a Windows kernel crash in the win32k!fsc_BLTHoriz function while processing corrupted TTF font files, such as: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N bytes of memory was allocated and...

AI score 6.7
Exploits 0

seebug.org
added 2015/09/25 12:0 a.m. | 22 views

Windows win32k.sys TTF Font Processing win32k!scl_ApplyTranslation Pool-Based Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=370&can=1 We have encountered a number of Windows kernel crashes in the win32k!scl_ApplyTranslation function while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was...

AI score 7.8
Exploits 0

seebug.org
added 2015/09/25 12:0 a.m. | 14 views

Windows win32k.sys TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access

Source: https://code.google.com/p/google-security-research/issues/detail?id=401&can=1 We have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This canno...

AI score 6.7
Exploits 0

BDU FSTEC
added 2015/09/23 12:0 a.m. | 3 views

The vulnerability of the Windows operating system, which allows a hacker to bypass the ASLR protection mechanism

The vulnerability of the Windows operating system’s kernel is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to bypass the ASLR protection mechanism by using a specially crafted application...

CVSS 2.1 | AI score 5.4 | EPSS 0.02457
Exploits 0 | References 2

exploitpack
added 2015/09/22 12:0 a.m. | 14 views

Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)

Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free MS15-073 Source: https://code.google.com/p/google-security-research/issues/detail?id=335 Freed memory is accessed after switching between two desktops of which one is closed. The testcase crashes with and without special pool...

AI score 7.4
Exploits 0

exploitpack
added 2015/09/22 12:0 a.m. | 15 views

Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)

Microsoft Windows Kernel - Use-After-Free with Cursor Object MS15-097 Source: https://code.google.com/p/google-security-research/issues/detail?id=457 --- The attached testcase crashes Win 7 with Special Pool enabled while accessing the freed global cursor object gpqCursor. See poc.cpp for...

AI score 7.4
Exploits 0

exploitpack
added 2015/09/22 12:0 a.m. | 17 views

Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)

Microsoft Windows Kernel - DeferWindowPos Use-After-Free MS15-073 Source: https://code.google.com/p/google-security-research/issues/detail?id=339 The attached PoC demonstrates a use-after-free condition that occurs when operating on a DeferWindowPos object from multiple threads. The DeferWindowPos...

AI score 7.4
Exploits 0

exploitpack
added 2015/09/22 12:0 a.m. | 15 views

Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)

Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free MS15-097 Source: https://code.google.com/p/google-security-research/issues/detail?id=458 --- The attached testcase crashes Win 7 with Special Pool on win32k while accessing freed memory in bGetRealizedBrush. --- Proof of Concept:...

AI score 0.4
Exploits 0

exploitpack
added 2015/09/22 12:0 a.m. | 14 views

Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)

Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow MS15-061 Source: https://code.google.com/p/google-security-research/issues/detail?id=313 The PoC triggers a pool buffer overflow in win32k!vSolidFillRect. When using Special Pool we get the crash immediately on the overwrite. Witho...

AI score 0.3
Exploits 0

exploitpack
added 2015/09/22 12:0 a.m. | 12 views

Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)

Microsoft Windows Kernel - WindowStation Use-After-Free MS15-061 Source: https://code.google.com/p/google-security-research/issues/detail?id=295 Platform: Win7 32-bit. trigger.cpp should fire the issue, with caveats: - PoC MUST be compiled in release mode. - PoC may need to be run a few times to...

AI score 7.4
Exploits 0

Exploit DB
added 2015/09/22 12:0 a.m. | 41 views

Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)

Source: https://code.google.com/p/google-security-research/issues/detail?id=457 --- The attached testcase crashes Win 7 with Special Pool enabled while accessing the freed global cursor object gpqCursor. See poc.cpp for instructions on how to compile and run. Proof of Concept:...

AI score 7.4
Exploits 0

Exploit DB
added 2015/09/22 12:0 a.m. | 46 views

Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)

Source: https://code.google.com/p/google-security-research/issues/detail?id=293 Platform: Win7 32-bit. trigger.cpp should fire the issue, with two caveats: - PoC will NOT work if compiled as a debug build. - PoC will trigger the condition every time but the subsequent corruption might not cause a...

AI score 7.4
Exploits 0

Exploit DB
added 2015/09/22 12:0 a.m. | 28 views

Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=313 The PoC triggers a pool buffer overflow in win32k!vSolidFillRect. When using Special Pool we get the crash immediately on the overwrite. Without Special Pool we often get a crash in the same function, but sometimes i...

AI score 7.4
Exploits 0

Exploit DB
added 2015/09/22 12:0 a.m. | 48 views

Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=294 Platform: Win7 32-bit. trigger.cpp should fire the issue, with a caveat - PoC might NOT work if compiled as a debug build. windbg.txt is a sample crash log. Analysis from Nils: --- please find attached a C trigger,...

AI score 7
Exploits 0

Exploit DB
added 2015/09/22 12:0 a.m. | 27 views

Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)

Source: https://code.google.com/p/google-security-research/issues/detail?id=433 --- The attached PoC demonstrates a UAF condition with printer device contexts. The PoC will trigger on Win 7 32-bit with Special Pool enabled. --- Proof of Concept:...

AI score 7
Exploits 0

Exploit DB
added 2015/09/22 12:0 a.m. | 41 views

Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)

Source: https://code.google.com/p/google-security-research/issues/detail?id=415 --- Tested on Win 7 32-bit with Special Pool enabled. Multiple pool buffer overflows can be triggered through the NtGdiStretchBlt system call. The attached PoC demonstrates a write overflow and another read overflow...

AI score 7.4
Exploits 0