Exploit for Use After Free in Microsoft

CallbackHell Exploit for CVE-2021-40449 Win32k - LPE - Ca...

Microsoft Windows本地提权漏洞（CVE-2021-1732）

CVE-2021-1732: win32kfull xxxCreateWindowEx callback out-of-bounds Mar 25, 2021 • iamelli0t CVE-2021-1732 is a 0-Day vulnerability exploited by the BITTER APT organization in one operation which was disclosed in February this year123. This vulnerability exploits a user mode callback opportunity i...

Windows Kernel 64-bit stack memory disclosure in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback)(CVE-2018-0810)

We have discovered that a user-mode callback invoked by the win32k!SfnINLPHELPINFOSTRUCT function via KeUserModeCallback leads to the disclosure of uninitialized stack memory to user-mode clients, due to compiler-introduced structure padding. The vulnerability affects Windows 7 64-bit; other...

Windows Kernel stack memory disclosure in win32kfull!SfnINLPUAHDRAWMENUITEM (CVE-2017-0167)

We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 10 indirectly through the win32k! NtUserPaintMenuBar system call, or more specifically, through the user32! fnINLPUAHDRAWMENUITEM user-mode callback 107 on Windows...

Microsoft Windows Kernel - win32kfull!SfnINLPUAHDRAWMENUITEM Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1192 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 10 indirectly through the...

Microsoft Windows Kernel - win32kfull!SfnINLPUAHDRAWMENUITEM Stack Memory Disclosure

Microsoft Windows Kernel - win32kfull!SfnINLPUAHDRAWMENUITEM Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1192 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 10...