This proof of concept exploit triggers a null pointer vulnerability in OffsetChildren on Windows 7 32-bit. By mapping the null page an attacker can leverage this vulnerability to write to an arbitrary address.
930c6248c06d0f17df00bdda4843801b8c2604cfcf1b9138399dbc83fe37120bThis proof of concept exploit triggers a null pointer condition on Windows 7 32-bit, which can potentially be exploited on versions of Windows that allow mapping the null page (e.g. Windows 7 32-bit).
3bf1446b83cdd6c26177a31ebc1b3ce3549d04092ed485e00be882f09bb5eee1This proof of concept exploit triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard.
01bafe1c271dd2a2ea9fadc32ab4da411c8c4eb30209e6634fd69a20fc0c4443The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling special on ndis.sys netio.sys and ntoskrnl helps to track down the issue, however it will crash due to a bad pool header without special pool as well.
3403491c7fbf36174b15a563987a49c4a34c9dfe661dfceec3ca982b901368adThe attached poc crashes 32-bit Windows 7 with a screen resolution of 1024x768 and 32bit color depth. The crash occurs during a memmove operation while copying the cursor content from unmapped memory. This could potentially be used by an attacker to leak kernel memory. When reproducing this issue in VMWare, it is necessary to remove VMWare tools. In QEMU the issue reproduces reliably.
4a4737c7da3e9d60d2829fc4216a2923ae3dd4946af77f8b03906129aa0fc6baThe attached testcase crashes Window 7 32-bit with Special Pool enabled on win32k.sys due to a use-after-free condition. The bug appears to be a race condition between two threads and multiple runs on the PoC might be required to trigger the bug. This is more reliable on systems with multiple cores.
98cd61cfa57d50f4a3e3d1dc2c080a9c2743333c59a9c028d17d2c5241c7bd9aThe Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.
9c9d7819c17ae0f14fbcf5250fe9bc87ec36941d7e0e1a71bc9c128bc94d7ef8The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.
f9138be83b6665e583fb9a0c2edbf82da6a8ba0567aba68654dad7c01ffa36d5The attached proof of concept exploit triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliable on Win 7 32-bit with Special Pool enabled on win32k.sys.
f8fe51bd5f2d627380ec1e9bcb00b3ca0c6353262e9aa8b4b1b4ac9c99cb457aThe Microsoft Windows kernel suffers from a use-after-free vulnerability in BGetRealizedBrush.
9748fca6fbb5ef34f232cdeeda20cce0f47e4feea1fa4c9a9f7b321d183c13cbThe Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability.
aa59811bd905801dec0d9cc27fe51730ae27b8776b206fdd60d6a08739d77ef3The Microsoft Windows kernel suffers from a use-after-free vulnerability related to DeferWindowPos.
9efdbf279fadc7781fc05c4c484e7fa55163ee3b825c2a7de5f5e364ae5d2187The Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts.
a07b9af66e76968a00a50316dfce34128aec9040ef04506e03d9536f8f6a3dfeThe Microsoft Windows kernel suffers from a use-after-free vulnerability in the cursor object.
95d27966a74a174f8e04f20a3a1138c7d875365b2e9461676084a3fa4f84f1a6The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt.
cec5a4d82cefd5f7408a48e23c6eaff40a66ebae181a5611b5534e09b970f5ccThis proof of concept exploit triggers a crashes due to a pool buffer overflow while drawing the caption bar of window.
d57eb2d920703735304948c9d9db4ef91854194c06fd1384c9871449486a7418The Microsoft Windows kernel suffers from a buffer overflow vulnerability in Win32k!vSolidFillRect.
25f32ba5359a051b672c78122c332f74c82b3772f7ba804f808898f00fe1a921The Microsoft Windows kernel suffers from a brush object use-after-free vulnerability.
ac1c9bbd47bafbca773cb80340ef700f905cab76f26f62766346947479e35793The Microsoft Windows kernel suffers from a use-after-free vulnerability in HmgAllocateObjectAttr.
e74e9b4659ae9cc8949897e4622853fa73eab51a3dc0249b28c703fe239770d4The Microsoft Windows kernel suffers from a NULL pointer dereference with window station and clipboard.
9f32e011ab66422b9eb1d0b4cb638eddddc956ca54dbeb3f19ad2f6d022e0f60The Microsoft Windows kernel suffers from a use-after-free vulnerability in WindowStation.
aa3efde61185dc1eb0cb8968c6c591a89fd27959b2d48dd4fabbf0770e09ec6eThe Microsoft Windows kernel may suffer from a NULL pointer dereference vulnerability.
d1f43b6047662ac0572f8e52b2d49d1b8975a8e50330286cb80ba2d1809962efThe Microsoft Windows kernel suffers from a use-after-free vulnerability in bitmap handling.
42a9706efcbff35685e37dd9c3a82c7ad193672a2463d2614d211e7e27a8f41cThe Microsoft Windows kernel suffers from a use-after-free vulnerability in the bitmap handling code.
f6216ef039b9fe229af00a9dbb5b21966f586b28c32b15cad36ba45f7e468271The Microsoft Windows kernel suffers from a use-after-free vulnerability in UserCommitDesktopMemory.
d1d309acfcd994767d657a143b1e405662a938b4370d0d8c5a73308836125489
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed