
14 matches found

Exploit DB
added 2017/08/28 12:0 a.m., 907 views

Abusing Token Privileges For LPE

Abusing Token Privileges For LPE. Papers exploit for Windows platform...

7.8 CVSS, 0.78459 EPSS
Exploits: 22
Microsoft KB
added 2017/08/09 12:0 a.m., 29 views

MS15-061: Vulnerabilities in kernel-mode drivers could allow elevation of privilege: June 9, 2015

Summary: This security update resolves vulnerabilities in Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially...

6.6 AI score
Exploits: 0
myhack58
added 2017/03/01 12:0 a.m., 479 views

HEVD kernel vulnerability training-with Windows play-bug warning-the black bar safety net

Studying this training exercise gives a preliminary understanding of kernel vulnerability principles, exploitation methods, and many common Windows data structures, opening the gate to Ring0. HEVD project address: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver For the kernel...

7.2 CVSS, 7.7 AI score, 0.78459 EPSS
Exploits: 23
Exploit DB
added 2015/09/22 12:0 a.m., 32 views

Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=320 The PoC bug checks reliably with Special Pool enabled on writing to freed memory. A reference to the freed memory is held at offset +0x10 of the THREADINFO object. This memory is referenced in HmgAllocateObjectAttr...

7.4 AI score
Exploits: 0
exploitpack
added 2015/09/22 12:0 a.m., 12 views

Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=304 Creating a device context with the flag DCX_NORESETATTRS and selecting a brush object into the device context will result in the brush being freed on...

7.4 AI score
Exploits: 0
exploitpack
added 2015/09/22 12:0 a.m., 12 views

Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=295 Platform: Win7 32-bit. trigger.cpp should fire the issue, with caveats: - PoC MUST be compiled in release mode. - PoC may need to be run a few times to...

7.4 AI score
Exploits: 0
exploitpack
added 2015/09/22 12:0 a.m., 15 views

Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=321 The PoC triggers a crash due to a pool buffer overflow while drawing the caption bar of a window. The trigger depends on the current window...

0.4 AI score
Exploits: 0
exploitpack
added 2015/09/22 12:0 a.m., 12 views

Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=313 The PoC triggers a pool buffer overflow in win32k!vSolidFillRect. When using Special Pool we get the crash immediately on the overwrite. Witho...

0.3 AI score
Exploits: 0
Exploit DB
added 2015/09/22 12:0 a.m., 28 views

Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=313 The PoC triggers a pool buffer overflow in win32k!vSolidFillRect. When using Special Pool we get the crash immediately on the overwrite. Without Special Pool we often get a crash in the same function, but sometimes i...

7.4 AI score
Exploits: 0
exploitpack
added 2015/09/22 12:0 a.m., 16 views

Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)

Source: https://code.google.com/p/google-security-research/issues/detail?id=293 Platform: Win7 32-bit. trigger.cpp should fire the issue, with two caveats: - PoC will NOT work if compiled as a debug build. - PoC will trigger the...

7.4 AI score
Exploits: 0
exploitpack
added 2015/09/22 12:0 a.m., 15 views

Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=320 The PoC bug checks reliably with Special Pool enabled on writing to freed memory. A reference to the freed memory is held at offset +0x10 of the...

0.2 AI score
Exploits: 0
Exploit DB
added 2015/09/22 12:0 a.m., 31 views

Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=312 This issue is very likely a null pointer issue affecting 32-bit Windows version. The offset is from add onto another offset which isn't quite zero, so not 100% convinced it is just a null pointer, however I wasn't abl...

7.4 AI score
Exploits: 0
Check Point Advisories
added 2015/08/10 12:0 a.m., 4 views

Microsoft Windows Kernel Bitmap Handling Use After Free (MS15-061: CVE-2015-1722)

Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and corrupt kernel memory...

7.2 CVSS, 6.9 AI score, 0.04739 EPSS
Exploits: 1
seebug.org
added 2014/07/01 12:0 a.m., 104 views

MS15-061 Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)

No description provided by source. Exploiting MS15-061 with reverse engineering Win32k.sys by steps: 1: hook PEB callback Function 2: trigger vulnerability make proper Window to lead vulnerable function 3: replace fake object with NtUserDefSetText in Desktop heap inside PEB...

7.1 AI score
Exploits: 0