12 matches found
SAS CTF and the many ways to persist a kernel shellcode on Windows 7
On May 18, 2024, Kaspersky's Global Research & Analysis Team GReAT, with the help of its partners, held the qualifying stage of the SAS CTF, an international competition of cybersecurity experts held as part of the Security Analyst Summit conference. More than 800 teams from all over the world to...
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control UAC feature...
VulnCheck KEV: CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control UAC feature...
CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control...
Stack overflow
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control...
CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control...
CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control...
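Microsoft Windows win32k.sys Driver "GreEnableEUDC()" Privilege Escalation Vulnerability
Microsoft Windows is a very popular operating system released by Microsoft. A vulnerability exists in the implementation of the Windows win32k.sys driver that a local attacker may exploit to elevate privileges or cause a denial of service. The vulnerability stems from the "GreEnableEUDC" function in the driver: by constructing a malformed "SystemDefaultEUDCFont" registry entry, a local attacker can supply malicious data to the "QueryTable" parameter of the "RtlQueryRegistryValues" function, causing the "EntryContext" buffer to overflow. Microsoft Windows XP Professional Microsoft Windows XP Home Edition...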
Microsoft Windows RtlQueryRegistryValues() does not adequately validate registry data
Overview Microsoft Windows does not adequately validate registry data read using the function RtlQueryRegistryValues. By modifying an EUDC registry key value, a local user could execute arbitrary code with SYSTEM privileges. Description Microsoft Windows supports end-user-defined characters EUDC ...
Microsoft Windows Vista/7 - Local Privilege Escalation (UAC Bypass)
A Design Flaw in Windows Kernel API can Lead to privilege escalation. Mirror of Original Post: http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ PoC: http://www.codeproject.com/KB/vista-security/uac.aspx not available mirror:...
Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the 'RtlQueryRegistryValues' API function. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of...
Microsoft Windows Vista/7 - Local Privilege Escalation (UAC Bypass)
Microsoft Windows Vista7 - Local Privilege Escalation UAC Bypass A Design Flaw in Windows Kernel API can Lead to privilege escalation. Mirror of Original Post: http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ PoC:...