HEVD pool overflow analysis - Vulnerability Alert - Black Bar Security Net
Prepare the environment: Win 10 64-bit host + Win 7 32-bit virtual machine. WinDbg: the debugger. VirtualKD-3.0: dual-machine kernel debugging tool. InstDrv: tool to install and start the driver. HEVD: a Windows kernel vulnerability training project that covers almost every vulnerability class that may exist in the kernel...
Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1078 We have discovered two bugs in the implementation of the win32k!NtGdiGetDIBitsInternal system call, which is a part of the graphic subsystem in all modern versions of Windows. The issues can potentially lead to kernel pool...
DESlock+ <= 3.2.7 (probe read) Local Kernel Denial of Service PoC
No description provided by source. / deslock-probe-read.c Copyright (c) 2008 by [email protected]. DESlock+ <= 3.2.7 local kernel DoS POC by mu-b - Sat 19 Jul 2008 - Tested on: DLMFENC.sys 1.0.0.28. A call to ProbeForRead with a user-definable address that is eventually overwritten should have been...
DESlock+ <= 3.2.7 (probe read) Local Kernel Denial of Service PoC
Exploit for unknown platform in category dos / poc. ================================================================= DESlock+ ... #include <...> #include <...> #define DLMFENCIOCTL 0x0FA4204C #define DLMFENCFLAG 0xC001D00D #define ARGSIZE(a) (((a) - sizeof(int) * 2) / sizeof(void *)) struct ioctlreq { int flag; int reqnum; void...
ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
BUGTRAQ ID: 30719 CNCAN ID: CNCAN-2008081903. ESET Smart Security is an application suite combining a firewall and anti-virus. The ESET Smart Security 'easdrv.sys' driver has an input validation flaw; a local attacker can exploit it to execute arbitrary instructions with kernel privileges. File: easdrv.sys .text:00012B92 loc_12B92: .text:00012B92 push [ebp+InputBuf] .text:00012B95 call ds:off_1A200[eax] .text:00012B9B mov ecx, [ebp+OutputBuffe...
Sophos Anti-Virus SSDT Hook Local Denial of Service Vulnerability
BUGTRAQ ID: 28743 CVE(CAN) ID: CVE-2008-1737. Sophos Anti-Virus is anti-virus software available for several operating systems. Sophos Anti-Virus's NtCreateKey hook does not correctly validate its parameters; a local attacker could exploit this vulnerability to make the program unusable (denial of service). The relevant code is as follows: /*----------- int __cdecl NtCreateKeyHook(PHANDLE pKeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG TitleIndex, PUNICODE_STRING...
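The three driver items above (the DESlock+ ProbeForRead on a user-definable address that is later overwritten, the easdrv.sys dispatch through a table indexed from the input buffer, and the Sophos NtCreateKey hook that does not validate its parameters) share one root cause: kernel code trusting indices and pointers handed to it from user mode. The block below is an added example, not code from any of these advisories or vendors. It simulates a METHOD_NEITHER-style IOCTL dispatcher in user-mode C so it can be compiled and run anywhere: a flat byte array stands in for the 32-bit user address space, USER_LIMIT stands in for MmUserProbeAddress, and probe_range() applies the ProbeForRead/ProbeForWrite rules. The ioctl_req field names, the op handler, and the constructed input bytes are this example's assumptions; only the STATUS_* values are real NTSTATUS codes.

```c
#include <stdint.h>
#include <string.h>

/* Flat byte array standing in for the 32-bit user address space.  USER_LIMIT
 * plays the role of MmUserProbeAddress: anything at or above it is "kernel".
 * Constructed for this example; a real driver calls ProbeForRead/Write. */
#define USER_LIMIT 0x1000u
static uint8_t user_mem[USER_LIMIT];

typedef uint32_t NTSTATUS;                        /* real NTSTATUS values */
#define STATUS_SUCCESS               0x00000000u
#define STATUS_DATATYPE_MISALIGNMENT 0x80000002u
#define STATUS_ACCESS_VIOLATION      0xC0000005u
#define STATUS_INVALID_PARAMETER     0xC000000Du
#define STATUS_BUFFER_TOO_SMALL      0xC0000023u

/* Request shape loosely modelled on the {flag, reqnum, args} struct in the
 * DESlock+ PoC: every field, buffer addresses included, is attacker-chosen.
 * Field names are this example's, not the driver's. */
struct ioctl_req {
    uint32_t flag;
    uint32_t reqnum;            /* index into the dispatch table */
    uint32_t in_addr, in_len;   /* raw user VA + length, METHOD_NEITHER style */
    uint32_t out_addr, out_len;
};

/* ProbeForRead/ProbeForWrite rules: zero length passes; the address must be
 * aligned; [addr, addr+len) must lie below the limit without wrapping.  The
 * subtraction form avoids the addr+len integer overflow. */
static NTSTATUS probe_range(uint32_t addr, uint32_t len, uint32_t align)
{
    if (len == 0)
        return STATUS_SUCCESS;
    if (addr % align != 0)
        return STATUS_DATATYPE_MISALIGNMENT;
    if (addr >= USER_LIMIT || len > USER_LIMIT - addr)
        return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

typedef NTSTATUS (*op_fn)(const struct ioctl_req *);

/* Sums in_len bytes at in_addr and writes the 32-bit sum to out_addr. */
static NTSTATUS op_checksum(const struct ioctl_req *r)
{
    uint32_t sum = 0, i;
    if (r->out_len < sizeof sum)
        return STATUS_BUFFER_TOO_SMALL;
    for (i = 0; i < r->in_len; i++)
        sum += user_mem[r->in_addr + i];
    memcpy(user_mem + r->out_addr, &sum, sizeof sum);
    return STATUS_SUCCESS;
}

static const op_fn dispatch_table[] = { op_checksum };
#define OP_COUNT (sizeof dispatch_table / sizeof dispatch_table[0])

/* The shape the advisories describe: index and addresses come from the user
 * request and are used as-is.  reqnum past the table end is a call through
 * arbitrary memory (compare the indexed "call ds:off_1A200[eax]" in the ESET
 * snippet); a bad in/out address reads or writes outside user memory.  It
 * works on well-formed input, which is why such code survives testing. */
static NTSTATUS dispatch_unchecked(const struct ioctl_req *user_req)
{
    return dispatch_table[user_req->reqnum](user_req);
}

/* Hardened dispatch.  Snapshot the request once so every check and later use
 * reads the kernel-side copy; probing one address and then re-reading a
 * user-writable field for the address actually used is the check/use gap the
 * DESlock+ PoC points at.  Then bound the index and probe exactly the ranges,
 * with exactly the alignment, the handler will touch. */
static NTSTATUS dispatch_checked(const struct ioctl_req *user_req)
{
    struct ioctl_req r = *user_req;
    NTSTATUS st;

    if (r.reqnum >= OP_COUNT)
        return STATUS_INVALID_PARAMETER;
    if ((st = probe_range(r.in_addr, r.in_len, 1)) != STATUS_SUCCESS)
        return st;
    if ((st = probe_range(r.out_addr, r.out_len, sizeof(uint32_t))) != STATUS_SUCCESS)
        return st;
    return dispatch_table[r.reqnum](&r);
}

/* Status of a request built from the given fields, via the checked path. */
static NTSTATUS req_status(uint32_t reqnum, uint32_t in_addr, uint32_t in_len,
                           uint32_t out_addr, uint32_t out_len)
{
    struct ioctl_req r = { 0, reqnum, in_addr, in_len, out_addr, out_len };
    return dispatch_checked(&r);
}

/* Benign request: constructed bytes {1,2,3} at 0x100, sum written to 0x200.
 * Both dispatchers accept it and agree; returns the sum (6) or ~0u on error. */
static uint32_t checksum_demo(void)
{
    static const uint8_t input[3] = { 1, 2, 3 };
    struct ioctl_req r = { 0, 0, 0x100, sizeof input, 0x200, 4 };
    uint32_t a, b;

    memcpy(user_mem + r.in_addr, input, sizeof input);
    if (dispatch_unchecked(&r) != STATUS_SUCCESS)
        return ~0u;
    memcpy(&a, user_mem + r.out_addr, 4);
    if (dispatch_checked(&r) != STATUS_SUCCESS)
        return ~0u;
    memcpy(&b, user_mem + r.out_addr, 4);
    return a == b ? a : ~0u;
}
```

The order of checks in dispatch_checked matters: the index is bounded before anything is dereferenced through the table, and each buffer is probed with the alignment the handler will actually use (byte alignment for the input it reads, 4-byte alignment for the uint32_t it writes). In a real driver the probe is a `__try`/`__except` around ProbeForRead/ProbeForWrite, the request copy is taken from Irp->UserBuffer or Type3InputBuffer, and every later access to the user range still has to stay inside the `__try`, because the page can be unmapped after a successful probe.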