50 matches found
EUVD-2017-4360
Malware in sbrugna...
SoftPerfect RAM Disk spvve.sys 0x222024 information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1122 SoftPerfect RAM Disk spvve.sys 0x222024 information disclosure vulnerability August 4, 2020 CVE Number CVE-2020-13523 SUMMARY An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I...
Solving Uninitialized Kernel Pool Memory on Windows
This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in the past to tackle this issue, please see our...
Solving Uninitialized Kernel Pool Memory on Windows
This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path. For a background on why uninitialized memory matters and what options have been used in the past to tackle this issue, please see our...
Event 1530 is logged and ProfSvc leaks paged pool memory and handles in Windows 8.1 or Windows Server 2012 R2
Event 1530 is logged and ProfSvc leaks paged pool memory and handles in Windows 8.1 or Windows Server 2012 R2 This article describes an issue in which event 1530 is logged, and user profile service ProfSvc leaks paged pool memory and handles in Windows 8.1, Windows RT 8.1, or Windows Server 2012...
Microsoft Windows - nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)
Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose uninitialized kernel pool memory to user-mode clients. The vulnerability...
Microsoft Windows - nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) Kernel Pool Memory Disclosure
Microsoft Windows - nt!NtQueryInformationTransactionManager TransactionManagerRecoveryInformation Kernel Pool Memory Disclosure / We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose...
Windows Kernel 64-bit pool memory disclosure via REG_RESOURCE_LIST registry values (CmResourceTypeDevicePrivate entries)(CVE-2018-0898)
We have discovered a Windows kernel memory disclosure vulnerability through the body of "AllocConfig" registry values of type REGRESOURCELIST, which can be found under HKLM\SYSTEM\CurrentControlSet\Enum\\Control\AllocConfig. The vulnerability affects 64-bit versions of Windows 7 to 10. The leak...
Windows Kernel 64-bit pool memory disclosure in win32k!UMPDOBJ::LockSurface(CVE-2018-0813)
We have discovered that the win32k!UMPDOBJ::LockSurface function discloses portions of uninitialized pool memory to user-mode clients. The bug was encountered on Windows 7 64-bit; other versions were not tested. The leak was detected in the context of the splwow64.exe process, under the following...
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) 64-bit Pool Memory
Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the 2 information class MemoryMappedFilenameInformation discloses portions of uninitialized kernel pool memory to user-mode clients. The vulnerability affects 64-bit...
Microsoft Windows - nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformati
Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQuerySystemInformation system call invoked with the 138 information class discloses portions of uninitialized kernel pool memory to user-mode clients. The specific information class is handled by an internal...
CVE-2017-12823
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation...
Microsoft Windows NTFS File System Metadata Disclosures Exploit
The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata. Windows Kernel multiple stack and pool memory disclosures into NTFS file system metadata CVE-2017-11880 We have discovered that the NTFS.sys driver writes uninitialized kernel stac...
Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1361 We have discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the...
Microsoft Windows 10 - nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosure
Microsoft Windows 10 - nt!NtQueryDirectoryFile luafv!LuafvCopyDirectoryEntry Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1361 We have discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode...
Microsoft Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure Vulnerability
The Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability. Windows Kernel pool memory disclosure in nt!RtlpCopyLegacyContextX86 CVE-2017-11784 One kernel memory disclosure in the exception handling code has already been discovered and...
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2 We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when the following conditions are met: a It is invoked with the ObjectNameInformation...
Microsoft Windows - nt!NtQueryObject (ObjectNameInformation) Kernel Pool Memory Disclosure
Microsoft Windows - nt!NtQueryObject ObjectNameInformation Kernel Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2 We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode client...
Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure
Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to...
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mo...