Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=569 IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and ::SimpleDispatchWL as the Action. It neither passes nor checks t...
Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overfl
Exploit for multiple platforms in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here: https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/control/control.html By default ther...
Apple Mac OSX iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow
Apple Mac OSX iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow / Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here:...
Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here: https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/control/control.html By default there are actually a bunch of these providers; they are...
Apple OS X Disk Image Memory Corruption Vulnerability
Apple OS X is an operating system developed by Apple Inc. Apple OS X suffers from a memory corruption vulnerability in the handling of disk image files, which allows attackers to exploit the vulnerability to construct malicious files that can be induced to be parsed by an application, which can b...
Microsoft Windows Core Memory Privilege Elevation Vulnerability (CNVD-2015-08020)
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Microsoft Windows kernel that arises from a program's failure to properly handle objects in memory. An attacker could exploit the vulnerability to r...
Apple OS X MB Kernel Memory Corruption Vulnerability
Apple OS X is an operating system developed by Apple Inc. A kernel corruption vulnerability exists in Apple OS X SMB processing, which allows local users to exploit the vulnerability to execute arbitrary code in a kernel context...
Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2015-04691)
Microsoft Windows is a series of operating systems designed for personal computer and server users by the American company Microsoft. An elevation of privilege vulnerability exists in the Microsoft Windows kernel mode driver due to a failure of the program to properly handle processing memory...
One class to rule them all
This vulnerability allows for arbitrary code execution in the context of many apps and services and results in elevation of privileges. There is a Proof-of-Concept exploit against the Google Nexus 5 device, that achieves code execution inside the highly privileged systemserver process, and then...
Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2015-01097)
Microsoft Windows is a popular operating system. A security vulnerability in the handling of Windows cursor objects by Microsoft Windows 'Win32k.sys' allows local attackers to exploit the vulnerability to elevate privileges and execute arbitrary code in kernel context...
Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047)
No description provided by source. Microsoft Windows KTM Invalid Free with reused transaction GUID ---------------------------------------------------------------------------- CVE-2010-1889 The Kernel Transaction Manager (KTM) was introduced in Windows Vista and has been included in subsequent...
PT-2013-4718 · Microsoft · Windows Server 2008 +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 7 SP1 Description: An elevation of privilege issue exists due to improper handling of objects in memory by the Microsoft...
APPLE-SA-2013-03-19-1 iOS 6.1.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-19-1 iOS 6.1.3 iOS 6.1.3 is now available and addresses the following: dyld Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: A local user may be able to execute unsigned code...
Apple iPhone/iPad/iPod touch iOS before 6.1.3 Local Arbitrary Kernel Code Execution Vulnerability (CVE-2013-0981)
BUGTRAQ ID: 58589 CVE(CAN) ID: CVE-2013-0981 Apple iOS is the handheld device operating system developed by Apple. In Apple iOS versions before 6.1.3, as used on iPhone, iPod touch and iPad, the IOUSBDeviceFamily driver uses a pipe object pointer taken from user space; a local user can exploit this vulnerability to execute arbitrary code in the kernel. 0 Apple iOS = 6.1.3 Vendor patch: Apple ----- The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's homepage: http://support.apple.com/...
PT-2011-3525 · Microsoft · Windows Server 2003 +5
Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2, R2, and R2 SP1 Windows 7 versions Gold and SP1 Description: The issue arises from improper validation of user-mode inp...
PT-2011-2030 · Microsoft · Windows Server 2003 +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 and SP2 Microsoft Windows Server 2008 versions Gold, SP2, and R2 Microsoft Windows 7 Description: The issue arises from t...
Microsoft Windows Does Not Handle src == dest
Microsoft Windows win32k!GreStretchBltInternal does not handle src == dest ---------------------------------------------------------------------------- A bitblt (bit block transfer) is used to copy one rectangular region of screen to another, often performing a raster operation (rop) of some sort e.g...
Anti-Trojan Elite and Anti-Keylogger Elite IOCTL Request Local Privilege Escalation Vulnerability
BUGTRAQ ID: 32202 Anti-Trojan Elite and Anti-Keylogger Elite are anti-Trojan and keylogger detection tools from ISecSoft. The AKEProtect.sys driver of Anti-Keylogger Elite does not properly validate the parameters received through IOCTLs 0x002224A4, 0x002224C0 and 0x002224CC, and the Atepmon.sys driver of Anti-Trojan Elite does not properly validate the parameters received through IOCTL 0x00222494; when a local administrator starts Anti Trojan Elite or Anti-Keylogger...
Code injection
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments...
Broadcom Wireless Driver Probe Response Overlong SSID Stack Overflow Vulnerability
Broadcom is a leading global wired and wireless communications semiconductor company. A buffer overflow vulnerability exists in the implementation of Broadcom's wireless driver; a remote attacker could exploit this vulnerability to execute arbitrary instructions on the user's machine. Broadcom's BCMWL5.SYS wireless driver has a stack overflow vulnerability when handling 802.11 probe response frames that contain an overlong SSID field, which allows an attacker to cause execution of arbitrary kernel-mode code by sending malicious frames. Broadcom BCMWL5.SYS 3.50.21.10 The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's homepage:...