8 matches found
Microsoft Windows 10 - nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1361 We have discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode...
Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to...
Microsoft Windows Kernel - IOCTL 0x120007 NsiGetParameter nsiproxy/netio Pool Memory Disclosure
We have discovered that the handler of the 0x120007 IOCTL in nsiproxy.sys (\\.\Nsi device) discloses portions of uninitialized pool memory to user-mode clients, likely due to output structure alignment...
Microsoft Windows - 'IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS' volmgr Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1154 We have discovered that the handler of the IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS IOCTL in volmgr.sys discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test Window...
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1159 We have discovered that the handler of the IOCTL_DISK_GET_DRIVE_LAYOUT_EX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to user-mode clients. The issue can be reproduced by running the attached...
Microsoft Windows - IOCTL_MOUNTMGR_QUERY_POINTS Kernel Mountmgr Pool Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1150&desc=2 We have discovered that the handler of the IOCTL_MOUNTMGR_QUERY_POINTS IOCTL in mountmgr.sys discloses portions of uninitialized pool memory to user-mode clients, due to...
Microsoft Windows - IOCTL_DISK_GET_DRIVE_LAYOUT_EX Kernel partmgr Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1159 We have discovered that the handler of the IOCTL_DISK_GET_DRIVE_LAYOUT_EX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to...
Microsoft Windows - IOCTL_DISK_GET_DRIVE_GEOMETRY_EX Kernel partmgr Pool Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1156&desc=2 We have discovered that the handler of the IOCTL_DISK_GET_DRIVE_GEOMETRY_EX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to user-mode clients, due ...