Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Source: https://code.google.com/p/google-security-research/issues/detail?id=457 --- The attached test case crashes Win 7 with Special Pool enabled while accessing the freed global cursor object gpqCursor. See poc.cpp for instructions on how to compile and run. Proof of Concept:...
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Source: https://code.google.com/p/google-security-research/issues/detail?id=475 --- The attached PoC triggers a wild write on Win 7 32-bit with Special Pool enabled on win32k.sys. --- Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38276.zip...
Enabling QR codes in Internet Explorer, or a story of a cross-platform memory disclosure
Posted by Mateusz Jurczyk of Google Project Zero. In the previous series of posts (parts 1, 2, 3, 4), we discussed the exploitation process of a serious “blend” vulnerability (CVE-2015-0093 / CVE-2015-3052), which was special in that it provided the attacker with an extremely powerful primitive, arbitrary...
Microsoft Windows Win32k Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Microsoft Windows kernel mode driver and can be exploited by an attacker to run arbitrary code in kernel mode...
Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2015-05971)
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Microsoft Windows kernel mode driver that can be exploited by a local attacker to run arbitrary code in kernel mode...
Microsoft Windows Kernel Mode Driver Elevation of Privilege Vulnerability
Microsoft Windows Kernel Mode Driver is the kernel-mode display (graphics) driver component of Windows. An elevation of privilege vulnerability exists in Microsoft Windows Kernel Mode Driver, which can be exploited by an attacker to elevate privileges and execute arbitrary code...
Microsoft Windows Kernel Local Security Bypass Vulnerability
Microsoft Windows Kernel is the core component of the Windows operating system. A local security bypass vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to bypass certain security restrictions and perform unauthorized operations...
Microsoft Windows Kernel Mode Driver Elevation of Privilege Vulnerability (CNVD-2015-05921)
Microsoft Windows Kernel Mode Driver is the kernel-mode display (graphics) driver component of Windows. An elevation of privilege vulnerability exists in Microsoft Windows Kernel Mode Driver, which can be exploited by an attacker to elevate privileges and execute arbitrary code...
Windows win32k.sys TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=401&can=1 We have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA ...
Windows win32k.sys TTF Font Processing win32k!fsc_BLTHoriz Out-of-Bounds Pool Write Exploit
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=402&can=1 We have encountered a Windows kernel crash in the win32k!fsc_BLTHoriz function while processing corrupted TTF font files, such as: ---...
Windows ATMFD.DLL CharString Stream Out-of-Bounds Reads Exploit
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=382&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---...
Microsoft Windows - win32k.sys TTF Font Processing IUP[] Program Instruction Pool-Based Buffer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=368&can=1 We have encountered a number of Windows kernel crashes in the win32k!itrp_IUP function (a handler of the IUP[] TT...
Microsoft Windows - win32k.sys TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access
Source: https://code.google.com/p/google-security-research/issues/detail?id=401&can=1 We have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted...
Microsoft Windows - ATMFD.dll CFF table (ATMFD+0x3440b ATMFD+0x3440e) Invalid Memory Access
Source: https://code.google.com/p/google-security-research/issues/detail?id=384&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF fo...
Microsoft Windows - 'win32k.sys' TTF Font Processing win32k!fsc_RemoveDups Out-of-Bounds Pool Memory Access
Source: https://code.google.com/p/google-security-research/issues/detail?id=401&can=1 We have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted TTF font files, such as: --- PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This canno...
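The win32k and ATMFD font entries above share one root: offsets and lengths read out of an attacker-supplied font file were trusted when indexing kernel pool allocations. As an added illustration (this is not Project Zero's proof of concept and does not reproduce the specific fsc_RemoveDups, fsc_BLTHoriz or itrp_IUP defects), the C program below parses the sfnt table directory of a constructed in-memory font and rejects any table record whose offset + length falls outside the buffer. It also contrasts a naive 32-bit "offset + length > size" test, which wraps around and passes a hostile record, with a 64-bit test that catches it. The sample font bytes, the three corruption modes and the `build_sample`, `run_sample` and `demo_*` helper names are my own constructions. For context on the crash reports: Special Pool is a Driver Verifier option (`verifier /flags 0x1 /driver win32k.sys`, then reboot) that places each pool allocation on its own guarded page, so an out-of-bounds pool access faults immediately instead of silently corrupting a neighbouring allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of validating the sfnt table directory. */
enum ttf_status {
    TTF_OK = 0,
    TTF_ERR_TRUNCATED_HEADER,    /* fewer than the 12 header bytes present        */
    TTF_ERR_BAD_VERSION,         /* sfntVersion is not 0x00010000 / 'true' / 'OTTO' */
    TTF_ERR_TRUNCATED_DIRECTORY, /* numTables * 16 bytes do not fit the buffer     */
    TTF_ERR_TABLE_OUT_OF_BOUNDS  /* a record's offset + length leaves the buffer   */
};

/* Big-endian readers/writers; every sfnt field is big-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Validate the header and every table record before any table is dereferenced.
   wide_math == 1 performs the bounds test in 64 bits; wide_math == 0 mimics a
   naive 32-bit "offset + length > size" test, which can wrap around. */
enum ttf_status ttf_check_directory(const uint8_t *buf, size_t len, int wide_math, size_t *bad_index)
{
    if (bad_index) *bad_index = 0;
    if (len < 12) return TTF_ERR_TRUNCATED_HEADER;
    uint32_t ver = rd32(buf);
    if (ver != 0x00010000u && ver != 0x74727565u /* 'true' */ && ver != 0x4F54544Fu /* 'OTTO' */)
        return TTF_ERR_BAD_VERSION;
    uint16_t n = rd16(buf + 4);                         /* numTables */
    if (12 + (size_t)n * 16 > len) return TTF_ERR_TRUNCATED_DIRECTORY;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *rec = buf + 12 + i * 16;         /* tag, checksum, offset, length */
        uint32_t off = rd32(rec + 8), tlen = rd32(rec + 12);
        int oob = wide_math ? ((uint64_t)off + tlen > len)
                            : ((uint32_t)(off + tlen) > len);
        if (oob) { if (bad_index) *bad_index = i; return TTF_ERR_TABLE_OUT_OF_BOUNDS; }
    }
    return TTF_OK;
}

/* Constructed sample, not a real font: a header, two table records ('head',
   'maxp') and 64 bytes of dummy payload, 108 bytes in total. */
enum sample_mode { SAMPLE_VALID = 0, SAMPLE_OFFSET_PAST_EOF = 1, SAMPLE_OFFSET_WRAPS = 2 };
#define SAMPLE_LEN (12 + 2 * 16 + 64)

static size_t build_sample(uint8_t out[SAMPLE_LEN], enum sample_mode mode)
{
    memset(out, 0, SAMPLE_LEN);
    wr32(out, 0x00010000u);                             /* sfntVersion */
    wr16(out + 4, 2);                                   /* numTables; search fields left 0 */
    uint8_t *rec = out + 12;
    uint32_t data = 12 + 2 * 16;                        /* first byte after the directory */
    memcpy(rec, "head", 4); wr32(rec + 8, data);      wr32(rec + 12, 32);
    rec += 16;
    memcpy(rec, "maxp", 4); wr32(rec + 8, data + 32); wr32(rec + 12, 32);
    if (mode == SAMPLE_OFFSET_PAST_EOF) wr32(rec + 8, 0x1000);      /* well past the buffer */
    if (mode == SAMPLE_OFFSET_WRAPS)    wr32(rec + 8, 0xFFFFFFF0u); /* 0xFFFFFFF0 + 32 wraps to 0x10 */
    return SAMPLE_LEN;
}

/* Run one sample through both checks; returns the 64-bit result and reports the
   naive result and the offending record index through the out-parameters. */
enum ttf_status run_sample(int mode, enum ttf_status *naive, size_t *bad_index)
{
    uint8_t font[SAMPLE_LEN];
    size_t len = build_sample(font, (enum sample_mode)mode);
    *naive = ttf_check_directory(font, len, 0, NULL);
    return ttf_check_directory(font, len, 1, bad_index);
}

/* Single-value wrappers for each result worth checking. */
int demo_wide(int mode)      { enum ttf_status nv; size_t i; return (int)run_sample(mode, &nv, &i); }
int demo_naive(int mode)     { enum ttf_status nv; size_t i; run_sample(mode, &nv, &i); return (int)nv; }
int demo_bad_index(int mode) { enum ttf_status nv; size_t i; run_sample(mode, &nv, &i); return (int)i; }
int demo_truncated(void)     { static const uint8_t tiny[4] = {0, 1, 0, 0}; return (int)ttf_check_directory(tiny, sizeof tiny, 1, NULL); }

int main(void)
{
    static const char *names[] = {"valid", "offset past EOF", "offset wraps"};
    for (int m = SAMPLE_VALID; m <= SAMPLE_OFFSET_WRAPS; m++)
        printf("%-16s naive=%d wide=%d bad_record=%d\n",
               names[m], demo_naive(m), demo_wide(m), demo_bad_index(m));
    return 0;
}
```

The "offset past EOF" case is caught by both checks, but the "offset wraps" case slips past the 32-bit arithmetic because 0xFFFFFFF0 + 32 becomes 0x10, which is comfortably inside the buffer; only the widened comparison rejects it. The same widening (or an equivalent `off > len || tlen > len - off` formulation) is what a parser of any offset/length-based format needs before it indexes a pool or heap allocation with file-supplied values.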
Microsoft Windows Kernel CSRSS Local Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A local elevation of privilege vulnerability exists in Microsoft Windows Kernel CSRSS, which can be exploited by an attacker to execute arbitrary code, monitor the actions of the next logged on user, an...
Microsoft Windows Kernel KMD Security Feature Bypass Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A security feature bypass vulnerability exists in Microsoft Windows Kernel KMD, which can be exploited by an attacker to elevate privileges...
Microsoft Windows Kernel 'Win32k.sys' Information Disclosure Vulnerability
Microsoft Windows is a family of operating systems from Microsoft. An information disclosure vulnerability exists in the Microsoft Windows Kernel 'Win32k.sys'. A local attacker can exploit the vulnerability to obtain sensitive information, bypass certain security restrictions and perform unauthorized...
MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
The remote Windows host is affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to the Windows Adobe Type Manager Library not properly handling specially crafted OpenType fonts. An attacker can exploit these, by using a crafted document or web page wit...
Vulnerability in the Windows operating system that allows an attacker to gain access to protected information
A vulnerability in kernel-mode drivers of the Windows operating system is caused by insufficient protection of privileged data. Exploiting this vulnerability can allow a local attacker to gain access to protected information by means of a specially crafted application...