
8 matches found

Exploit DB
added 2019/01/16 12:0 a.m., 96 views

Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free

Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn’t correctly check the validity of a handle to a section...

AI score: 7.4
Exploits: 0

seebug.org
added 2018/03/23 12:0 a.m., 40 views

Windows Kernel 64-bit pool memory disclosure in NtQueryVirtualMemory(MemoryMappedFilenameInformation)(CVE-2018-0894)

We have discovered that the nt!NtQueryVirtualMemory system call invoked with the 2 information class MemoryMappedFilenameInformation discloses portions of uninitialized kernel pool memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The output buffer for thi...

AI score: 5.7, EPSS: 0.17062
Exploits: 15

exploitpack
added 2017/12/20 12:0 a.m., 27 views

Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) Double-Write Ring-0 Address Leak

Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) Double-Write Ring-0 Address Leak. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a...

AI score: 7.4
Exploits: 0

Exploit DB
added 2017/12/20 12:0 a.m., 61 views

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call information class 2,...

AI score: 7.4
Exploits: 0

0day.today
added 2017/10/18 12:0 a.m., 52 views

Microsoft Windows Kernel Pool nt!NtQueryObject (ObjectNameInformation) Memory Disclosure Vulnerabi

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2 We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when the following conditions are me...

CVSS: 2.1, AI score: 7.7, EPSS: 0.22731
Exploits: 3

Check Point Advisories
added 2017/10/18 12:0 a.m., 3 views

Microsoft Windows Kernel NtQueryObject Information Disclosure (CVE-2017-11785)

An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successful exploitation allows the attacker to retrieve information that could lead to a Kernel ASLR bypass...

CVSS: 2.1, AI score: 6.3, EPSS: 0.22731
Exploits: 3

seebug.org
added 2017/10/17 12:0 a.m., 40 views

Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-11785)

We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when the following conditions are met: 1. It is invoked with the ObjectNameInformation information class and a file object associated with a file on local disk other...

CVSS: 2.1, AI score: 7.2, EPSS: 0.22731
Exploits: 3

Exploit DB
added 2017/10/17 12:0 a.m., 37 views

Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2 We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when the following conditions are met: a) It is invoked with the ObjectNameInformation...

AI score: 7.4
Exploits: 0