24 matches found
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next...
The Windows kernel-EPATHOBJ 0day exploit-vulnerability warning-the black bar safety net
This vulnerability is through the PATHALLOCfor memory pressure of the test broke, the first use of PATHRECpointing to the same user space PATHREC EPATHOBJ::bFlatten it will”spin”for an unlimited linked list traversal. Such as:PathRecord-next = PathRecord; Although it will spin,but it will be by...
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't...
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't exploit the bug while HeavyAllocPool is failing, because of the early exit in...