Microsoft Windows - nt!NtQuerySystemInformation (SystemPageFileInformation(Ex)) Kernel 64-bit Stack
Exploit for Windows platform, category dos / poc. We have discovered that the nt!NtQuerySystemInformation system call, invoked with the SystemPageFileInformation (0x12) and SystemPageFileInformationEx (0x90) information classes, discloses uninitialized kernel stack memory to user-mode clients. The...
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure
We have discovered that the nt!NtQueryInformationProcess system call, invoked with the ProcessImageFileName (0x1B) information class, discloses uninitialized kernel memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. According to the ZwQueryInformationProcess...
Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure
Exploit for Windows platform, category dos / poc. We have discovered that the nt!NtQueryVirtualMemory system call, invoked with information class 2 (MemoryMappedFilenameInformation), discloses portions of uninitialized kernel pool memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The output buffer for...
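The bug class behind the NtQuerySystemInformation (stack) and NtQueryVirtualMemory (pool) entries above, reduced to a portable C model. This is an added illustration, not the proof-of-concept code from any of the listed exploits: the pool arena, the NAME_INFO record, the two handlers and the sample path are all constructed for this example. A bump allocator over a static array stands in for the non-zeroing kernel pool so the leak is deterministic and countable; a kernel stack frame leaks the same way, only the allocator differs. The vulnerable handler writes the fields it has data for and copies the whole fixed-size record out; the fixed handler zeroes the allocation first.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a non-zeroing kernel pool (ExAllocatePool hands
   back whatever bytes the previous owner left behind). A bump allocator over
   a static arena keeps the demonstration deterministic. */
#define POOL_SIZE 256
#define STALE_MARKER 0xEE           /* byte value a previous allocation left behind */
static uint8_t g_pool[POOL_SIZE];
static size_t  g_pool_top;

static void *pool_alloc(size_t n)
{
    if (g_pool_top + n > POOL_SIZE)
        return NULL;
    void *p = &g_pool[g_pool_top];
    g_pool_top += n;
    return p;                       /* deliberately not zeroed */
}

/* A previous, unrelated allocation wrote data into the pool and was freed
   without scrubbing. In a real kernel this could be a pointer or another
   process's path; here it is the marker byte so the leak can be counted. */
static void seed_stale_pool_contents(void)
{
    memset(g_pool, STALE_MARKER, sizeof g_pool);
    g_pool_top = 0;
}

/* Hypothetical fixed-size record an information-class handler returns to the
   caller. Only `length` bytes of `name` are ever written; `reserved` is never
   written at all. */
typedef struct {
    uint32_t length;
    uint32_t reserved;
    char     name[24];
} NAME_INFO;

/* Vulnerable handler: allocates the record from the pool, fills only the
   fields it has data for, then copies the whole record to the caller,
   including the bytes it never initialized. */
static size_t query_name_vulnerable(const char *src, uint8_t *out, size_t out_len)
{
    if (out_len < sizeof(NAME_INFO))
        return 0;
    NAME_INFO *rec = pool_alloc(sizeof *rec);
    if (rec == NULL)
        return 0;
    size_t n = strlen(src);
    if (n > sizeof rec->name)
        n = sizeof rec->name;
    rec->length = (uint32_t)n;
    memcpy(rec->name, src, n);
    memcpy(out, rec, sizeof *rec);  /* `reserved` and the tail of `name` leak here */
    return sizeof *rec;
}

/* Fixed handler: zero the allocation before use (RtlZeroMemory, or a zeroing
   pool flag, in real kernel code). Bytes that are never written are now 0. */
static size_t query_name_fixed(const char *src, uint8_t *out, size_t out_len)
{
    if (out_len < sizeof(NAME_INFO))
        return 0;
    NAME_INFO *rec = pool_alloc(sizeof *rec);
    if (rec == NULL)
        return 0;
    memset(rec, 0, sizeof *rec);
    size_t n = strlen(src);
    if (n > sizeof rec->name)
        n = sizeof rec->name;
    rec->length = (uint32_t)n;
    memcpy(rec->name, src, n);
    memcpy(out, rec, sizeof *rec);
    return sizeof *rec;
}

/* User-mode side of the check: count bytes in the returned record that still
   carry the stale marker, i.e. bytes that reached us without being written. */
static size_t count_stale_bytes(const uint8_t *out, size_t len)
{
    size_t stale = 0;
    for (size_t i = 0; i < len; i++)
        if (out[i] == STALE_MARKER)
            stale++;
    return stale;
}

/* Run one query against a freshly seeded pool and return the leaked byte count. */
static size_t leaked_bytes(int use_fixed_handler, const char *src)
{
    uint8_t out[sizeof(NAME_INFO)];
    seed_stale_pool_contents();
    size_t got = use_fixed_handler ? query_name_fixed(src, out, sizeof out)
                                   : query_name_vulnerable(src, out, sizeof out);
    return count_stale_bytes(out, got);
}

int main(void)
{
    const char *path = "foo.exe";   /* constructed sample input */
    printf("vulnerable handler leaked %zu stale bytes\n", leaked_bytes(0, path));
    printf("fixed handler leaked %zu stale bytes\n", leaked_bytes(1, path));
    return 0;
}
```

With a 7-byte name the vulnerable handler returns 21 stale bytes (4 of `reserved`, 17 of the unused `name` tail); the fixed handler returns none. The same count-the-marker approach is how a user-mode PoC for this bug class is usually checked: fill the output buffer with a known pattern, call the syscall, and look for bytes the kernel changed without ever meaning to write.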
Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race condition in the implementation of the NtQueryVirtualMemory system call information class 2,...
Symantec Workspace Virtualization 6.4.1895.0 - Kernel Mode Privilege Escalation
Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit. Date: 2013-07-17. Author: MJ0011. Version: Symantec Workspace Virtualization 6.4.1895.0. Tested on: Windows XP SP3. DETAILS: In...
Zhongjia Huacheng (中嘉华诚) Kernel Hardening Immune System Standalone Edition 1.2.01 ProcFilter.sys Local Kernel Denial of Service Vulnerabilities
The Zhongjia Huacheng Kernel Hardening Immune System GKR series is a security protection product developed by Beijing Zhongjia Huacheng Network Security Co. Its kernel driver ProcFilter.sys (build date 2009-08-07; the product was not built to standard and carries no version information, so the driver build date is used as the reference) contains multiple local kernel denial-of-service vulnerabilities: a user at any privilege level can call system services with specially crafted parameters and crash the system. Vulnerability details: the author of ProcFilter.sys lacks basic kernel security programming knowledge and did not understand how to handle buffers safely in a kernel driver. For example, in the NtCreateFile hook, try/except is used only while probing the user-mode parameters; once the probe finishes, the parameters are accessed without SEH protection, which causes a blue screen...
Sophos Anti-Virus SSDT Hook Local Denial of Service Vulnerability
BUGTRAQ ID: 28743 CVE(CAN) ID: CVE-2008-1737 Sophos Anti-Virus is an antivirus product available for multiple operating systems. The NtCreateKey hook in Sophos Anti-Virus does not correctly validate its parameters; a local attacker could exploit this to make the program unavailable. The relevant code is as follows: int __cdecl NtCreateKeyHook(PHANDLE pKeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG TitleIndex, PUNICODE_STRING...