213 matches found
NProtect Anti-Virus 2007 Privilege Escalation
NProtect Anti-Virus 2007 with TKRgAc2k.sys FsContext for each process to open the device,and save key/key value /virus name /event object in FsContext. Here contains a design error , if a registry operation is intercepted and match the rules , but event handle has not been set, TKAcRg2k.sys will...
NProtect Anti-Virus 2007 <= 2010.5.11.1 Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits NProtect Anti-Virus 2007 with TKRgAc2k.sys FsContext for each process to open the device,and save key/key value /virus name /event object in FsContext. Here contains a design error , if a registry operation is intercepted and match the rules...
G Data TotalCare 2011 - Local Kernel
G Data TotalCare 2011 - Local Kernel / Exploit Title: G Data TotalCare 2011 0day Local Kernel Exploit Date: 2010-11-08 Author: Nikita Tarakanov CISS Research Team Software Link: http://www.gdata.de/ Version: up to date, version 21.1.0.5, MiniIcpt.sys version 1.0.8.9 Tested on: Win XP SP3 CVE :...
G Data TotalCare 2011 Local Kernel Exploit
/ Exploit Title: G Data TotalCare 2011 0day Local Kernel Exploit Date: 2010-11-08 Author: Nikita Tarakanov CISS Research Team Software Link: http://www.gdata.de/ Version: up to date, version 21.1.0.5, MiniIcpt.sys version 1.0.8.9 Tested on: Win XP SP3 CVE : CVE-NO-MATCH Status : Unpatched / inclu...
G Data TotalCare 2011 - Local Kernel
/ Exploit Title: G Data TotalCare 2011 0day Local Kernel Exploit Date: 2010-11-08 Author: Nikita Tarakanov CISS Research Team Software Link: http://www.gdata.de/ Version: up to date, version 21.1.0.5, MiniIcpt.sys version 1.0.8.9 Tested on: Win XP SP3 CVE : CVE-NO-MATCH Status : Unpatched / inclu...
Trend Micro Titanium Maximum Security 2011 0day Local Kernel Exploit
No description provided by source. 1.Description: The tmtdi.sys kernel driver distributed with Trend Micro Titanium Maximum Security 2011 contains a pointer overwrite vulnerability in the handling of IOCTL 0x220404. Exploitation of this issue allows an attacker to execute arbitrary code within th...
Trend Micro Titanium Maximum Security 2011 0day Local Kernel Exploit
Exploit for windows platform in category local exploits ==================================================================== Trend Micro Titanium Maximum Security 2011 0day Local Kernel Exploit ==================================================================== 1.Description: The tmtdi.sys kerne...
Trend Micro Titanium Maximum Security 2011 - Local Kernel
/ 1.Description: The tmtdi.sys kernel driver distributed with Trend Micro Titanium Maximum Security 2011 contains a pointer overwrite vulnerability in the handling of IOCTL 0x220404. Exploitation of this issue allows an attacker to execute arbitrary code within the kernel. An attacker would need...
CVE-2010-2031
KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device...
Windows win32k.sys驱动SfnLOGONNOTIFY本地内核拒绝服务漏洞
BUGTRAQ ID: 39630 Microsoft Windows是微软发布的非常流行的操作系统。 Windows操作系统所使用的Win32k.sys驱动在DispatchMessage时,会最后调用到xxxDefWindowProc。该函数在处理某些消息时会调用gapfnScSendMessage函数表中的函数来处理,其中2000/xp/2003下在处理0x4c号消息时,会有一个名为 SfnLOGONNOTIFY的函数。当wParam == 4/13/12时该函数直接从lParam里取出数据。尽管函数内使用了SEH,但是只要传递错误的内核地址,仍然会引发系统崩溃。 伪代码: if...
Windows win32k.sys驱动ImeCanDestroyDefIMEforChild本地内核拒绝服务漏洞
Microsoft Windows是微软发布的非常流行的操作系统。 在Win32k!NtUserDestroyWindow-xxxDestroyWindow时,试图为子窗口销毁IME窗口时会调用 ImeCanDestroyDefIMEforChild函数。这个函数会在一个while循环中取得窗口的父窗口,试图确定窗口的子窗口和当前销毁的窗口是否属于同一个线程的,大概代码如下: if pwndDestroy-spwndParent == NULL return FALSE ; pwnd = pwndDestroy; while pwnd != NULL && pwnd !=...
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability Effect : Microsoft Windows 2000/XP/2003 full patch Author:MJ0011 Published: 2010-04-22 Vulnerability Details: Win32k.sys in DispatchMessage when the last call to xxxDefWindowProc, this function in dealing...
Microsoft Windows XP20002003 - win32k.sys SfnLOGONNOTIFY Local kernel Denial of Service
Microsoft Windows XP20002003 - win32k.sys SfnLOGONNOTIFY Local kernel Denial of Service / Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability Effect : Microsoft Windows 2000/XP/2003 full patch Author:MJ0011 Published: 2010-04-22 Vulnerability Details:...
Microsoft Windows XP20002003 - win32k.sys SfnINSTRING Local kernel Denial of Service
Microsoft Windows XP20002003 - win32k.sys SfnINSTRING Local kernel Denial of Service / Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability Effect : Microsoft Windows 2000/XP/2003 full patch Author:MJ0011 Published: 2010-04-22 Vulnerability Details: Win32k.sys ...
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel DoS
Exploit for windows platform in category dos / poc =========================================================================================== Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability...
Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel DoS
Exploit for windows platform in category dos / poc ======================================================================================== Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability...
Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnLOGONNOTIFY Local kernel Denial of Service
/ Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability Effect : Microsoft Windows 2000/XP/2003 full patch Author:MJ0011 Published: 2010-04-22 Vulnerability Details: Win32k.sys in DispatchMessage when the last call to xxxDefWindowProc, this function in dealin...
Microsoft Windows XP/2000/2003 - 'win32k.sys' SfnINSTRING Local kernel Denial of Service
/ Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability Effect : Microsoft Windows 2000/XP/2003 full patch Author:MJ0011 Published: 2010-04-22 Vulnerability Details: Win32k.sys in DispatchMessage when the last call to xxxDefWindowProc, this function in dealing...
Authentium SafeCentral 2.6 - shdrv.sys Local Kernel Ring0 SYSTEM
Authentium SafeCentral 2.6 - shdrv.sys Local Kernel Ring0 SYSTEM / safecentral-unharden-v2.c Copyright c 2009 by Authentium SafeCentral include include include define SAFECNTRLIOCTL 0x00226003 static unsigned char win32fixup = "\x53" "\xb8\x00\x00\x00\x00" "\xbb\x00\x00\x00\x00" "\x8b\x00"...
Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM
/ safecentral-unharden-v2.c Copyright c 2009 by Authentium SafeCentral include include include define SAFECNTRLIOCTL 0x00226003 static unsigned char win32fixup = "\x53" "\xb8\x00\x00\x00\x00" "\xbb\x00\x00\x00\x00" "\x8b\x00" "\x89\x03" "\x31\xdb" "\x4b" "\x89\x18"; / Win2k3 SP1/2 - kernel EPROCE...