14 matches found
Microsoft Win32k Privilege Escalation Vulnerability
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges...
Windows NT - Windows 8 EPATHOBJ Local Ring 0 Exploit
No description provided by source. ifndef WIN32NOSTATUS define WIN32NOSTATUS endif include stdio.h include stdarg.h include stddef.h include windows.h include assert.h ifdef WIN32NOSTATUS undef WIN32NOSTATUS endif include ntstatus.h pragma commentlib, gdi32 pragma commentlib, kernel32 pragma...
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...
win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
No description provided by source. I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't exploit the bug while HeavyAllocPool is failing,...
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
This module exploits a vulnerability on EPATHOBJ::pprFlattenRec due to the usage of uninitialized data which allows to corrupt memory. At the moment, the module has been tested successfully on Windows XP SP3, Windows 2003 SP1, and Windows 7 SP1. This module requires Metasploit:...
Microsoft Windows - 'EPATHOBJ::pprFlattenRec' Local Privilege Escalation (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
Exploit for windows platform in category local exploits require 'msf/core' require 'rex' require 'msf/core/post/common' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/process' class Metasploit3 'Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation', 'Description' = %q...
Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Design/Logic Flaw
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next...
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next...
CVE-2013-3660
CVE-2013-3660 describes a local privilege-escalation in Microsoft Windows via Win32k.sys (EPATHOBJ::pprFlattenRec) where a pointer for the next object in a PATHREC list is not properly initialized. According to the CVE description and linked documents, local users could gain write access to the P...
Microsoft Windows Kernel "win32k.sys" win32k!EPATHOBJ::pprFlattenRec权限漏洞
BUGTRAQ ID: 60051 Microsoft Windows是微软公司推出的一系列操作系统。 Windows 7 x86 Professional win32k.sys v6.1.7601.18126、Windows 8的"win32k.sys"在处理某些对象时存在错误,可导致崩溃,或以内核权限执行任意代码。此漏洞源于win32k!EPATHOBJ::pprFlattenRec内的bug,此处win32k!EPATHOBJ::newpathrec返回的PATHREC对象没有初始化下一个列表指针。 0 Microsoft Windows 8 Microsoft Windows 7...
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next...
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't...