Microsoft Windows - win32k!NtGdiEnumFonts Kernel Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1153 We have discovered that the win32k!NtGdiEnumFonts system call handler discloses very large portions of uninitialized pool memory to user-mode clients. The...
Microsoft Windows - 'nt!NtNotifyChangeDirectoryFile' Kernel Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1169 We have discovered that the nt!NtNotifyChangeDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test Windows 10 32-bit workstation,...
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1144 The win32k!NtGdiGetOutlineTextMetricsInternalW system call corresponds to the documented GetOutlineTextMetrics API function 1, and is responsible for returning information about the outline text metrics associated with a...
Microsoft Windows - win32k!NtGdiGetOutlineTextMetricsInternalW Kernel Pool Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1144 The win32k!NtGdiGetOutlineTextMetricsInternalW system call corresponds to the documented GetOutlineTextMetrics API function 1, and is responsible for returning information...
Microsoft Windows - nt!NtQueryVolumeInformationFile (FileFsVolumeInformation) Kernel Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1166 We have discovered that the nt!NtQueryVolumeInformationFile system call discloses portions of uninitialized pool memor...
Microsoft Windows - nt!NtNotifyChangeDirectoryFile Kernel Pool Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1169 We have discovered that the nt!NtNotifyChangeDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignmen...
Microsoft Windows - win32k!NtGdiEnumFonts Kernel Pool Memory Disclosure Exploit
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1153 We have discovered that the win32k!NtGdiEnumFonts system call handler discloses very large portions of uninitialized pool memory to user-mode clients. The issue can be...
Microsoft Windows - 'win32k!NtGdiEnumFonts' Kernel Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1153 We have discovered that the win32k!NtGdiEnumFonts system call handler discloses very large portions of uninitialized pool memory to user-mode clients. The issue can be reproduced by running the attached proof-of-concept progra...
Windows 10 the next MS16-098 RGNOBJ integer overflow vulnerability analysis and exploit-vulnerability warning-the black bar safety net
This article, with reference to , discusses Windows kernel pool feng shui, arbitrary address read/write via SetBitmapBits/GetBitmapBits, and other exploitation techniques, and is very helpful for learning Windows kernel exploitation. Test environment: Windows 10 1511 x64 Professional Edition 2016.04 2...
Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit
This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is...
Symantec / Norton AntiVirus - ASPack Remote Heap/Pool Memory Corruption
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=820 When parsing executables packed by an early version of aspack, a buffer overflow can occur in the core Symantec Antivirus Engine used in most Symantec and Norton branded...
Hyper-V - 'vmswitch.sys' VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=688 This function is reachable by sending an RNDIS Set request with OID 0x01010209 OID_802_3_MULTICAST_LIST from the Guest to the Host. This function potentially allocates a buffer based on the addresses sent. The number of entries is...
Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=688 This function is reachable by sending an RNDIS Set request with OID 0x01010209 OID_802_3_MULTICAST_LIST from the Guest to the Host. This...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability in the Windows operating system arises from a buffer overflow in dynamic (pool) memory. Exploiting it allows a local attacker to elevate their privileges by running a specially crafted application; the issue is known as the “Win32k Pool Buffer Overflow Vulnerability”...
Microsoft Windows ATMFD Font Driver Kernel Pool Overflow (MS15-078: CVE-2015-2426)
A flaw has been discovered in the handling of OTF files in Microsoft Windows. Successful exploitation could lead to a kernel pool overflow when the system attempts to copy data, resulting in memory corruption...
Symantec Endpoint Protection 11.x, 12.x
Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow http://www.offensive-security.com Tested on Windows 7 http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/ Authors: Matteo 'ryujin' Memelli & Alexandru 'sickness' Uifalvi, offensive-security.com from ctypes import * fro...
Microsoft Windows Kernel-Mode Drivers Privilege Escalation Vulnerabilities (2984615)
This host is missing an important security update according to Microsoft Bulletin MS14-045. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Kernel Pool Allocation CVE-2014-4064 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to disclose kernel memory and obtain sensitive information that may aid in further attacks. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...
Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow
No description provided by source. Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow http://www.offensive-security.com Tested on Windows 7 http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/ Authors: Matteo 'ryujin' Memelli & Alexandru 'sickness' Uifalvi at...
Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow Exploit
Exploit for windows platform in category local exploits from ctypes import * from ctypes.wintypes import * import struct, sys, os, time ntdll = windll.ntdll kernel32 = windll.kernel32 TH32CS_SNAPPROCESS = 0x02 PROCESS_ALL_ACCESS = 0x1fffff FORMAT_MESSAGE_FROM_SYSTEM = 0x00001000 NULL = 0x0 MEM_COMMIT =...