Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation

This module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx within win32k. The out of bounds write can be used to overwrite the pvbits of a SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code executio...

Windows Kernel 64-bit pool memory disclosure in win32k!UMPDOBJ::LockSurface(CVE-2018-0813)

We have discovered that the win32k!UMPDOBJ::LockSurface function discloses portions of uninitialized pool memory to user-mode clients. The bug was encountered on Windows 7 64-bit; other versions were not tested. The leak was detected in the context of the splwow64.exe process, under the following...

Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)

Source: https://code.google.com/p/google-security-research/issues/detail?id=312 This issue is very likely a null pointer issue affecting 32-bit Windows version. The offset is from add onto another offset which isn't quite zero, so not 100% convinced it is just a null pointer, however I wasn't abl...