Showing 1 - 25 of 27

Files from Nils

First Active: 2013-08-08
Last Active: 2015-12-18
Microsoft Windows Kernel Win32k!OffsetChildren Null Pointer Dereference
Posted Dec 18, 2015
Authored by Nils, Google Security Research

This proof of concept exploit triggers a null pointer vulnerability in OffsetChildren on Windows 7 32-bit. By mapping the null page an attacker can leverage this vulnerability to write to an arbitrary address.

tags | exploit, arbitrary, proof of concept
systems | linux, windows
advisories | CVE-2015-6171
SHA-256 | 930c6248c06d0f17df00bdda4843801b8c2604cfcf1b9138399dbc83fe37120b
Win32k Null Pointer Dereference
Posted Dec 18, 2015
Authored by Nils, Google Security Research

This proof of concept exploit triggers a null pointer condition on Windows 7 32-bit, which can potentially be exploited on versions of Windows that allow mapping the null page (e.g. Windows 7 32-bit).

tags | exploit, proof of concept
systems | linux, windows
advisories | CVE-2015-6174
SHA-256 | 3bf1446b83cdd6c26177a31ebc1b3ce3549d04092ed485e00be882f09bb5eee1
Win32k Clipboard Bitmap Use-After-Free
Posted Dec 18, 2015
Authored by Nils, Google Security Research

This proof of concept exploit triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard.

tags | exploit, kernel, proof of concept
systems | linux, windows
advisories | CVE-2015-6173
SHA-256 | 01bafe1c271dd2a2ea9fadc32ab4da411c8c4eb30209e6634fd69a20fc0c4443
Microsoft Windows Ndis.sys Buffer Overflow
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling Special Pool on ndis.sys, netio.sys and ntoskrnl helps to track down the issue; however, it will crash due to a bad pool header without Special Pool as well.

tags | exploit, overflow
systems | linux, windows
advisories | CVE-2015-6098
SHA-256 | 3403491c7fbf36174b15a563987a49c4a34c9dfe661dfceec3ca982b901368ad
Microsoft Windows Cursor Object Potential Memory Leak
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The attached PoC crashes 32-bit Windows 7 with a screen resolution of 1024x768 and 32-bit color depth. The crash occurs during a memmove operation while copying the cursor content from unmapped memory. This could potentially be used by an attacker to leak kernel memory. When reproducing this issue in VMware, it is necessary to remove VMware Tools. In QEMU the issue reproduces reliably.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-6102
SHA-256 | 4a4737c7da3e9d60d2829fc4216a2923ae3dd4946af77f8b03906129aa0fc6ba
Microsoft Windows Race Condition Leading To Use After Free
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The attached testcase crashes Windows 7 32-bit with Special Pool enabled on win32k.sys due to a use-after-free condition. The bug appears to be a race condition between two threads, and multiple runs of the PoC might be required to trigger the bug. This is more reliable on systems with multiple cores.

tags | exploit
systems | linux
advisories | CVE-2015-6101
SHA-256 | 98cd61cfa57d50f4a3e3d1dc2c080a9c2743333c59a9c028d17d2c5241c7bd9a
Microsoft Windows Kernel NtUserScrollDC Memory Corruption
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
SHA-256 | 9c9d7819c17ae0f14fbcf5250fe9bc87ec36941d7e0e1a71bc9c128bc94d7ef8
Microsoft Windows Kernel Use-After-Free
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-6100
SHA-256 | f9138be83b6665e583fb9a0c2edbf82da6a8ba0567aba68654dad7c01ffa36d5
Windows Kernel NtGdiBitBlt Buffer Overflow
Posted Sep 24, 2015
Authored by Nils, Google Security Research

The attached proof of concept exploit triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliably on Windows 7 32-bit with Special Pool enabled on win32k.sys.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2015-2512
SHA-256 | f8fe51bd5f2d627380ec1e9bcb00b3ca0c6353262e9aa8b4b1b4ac9c99cb457a
Windows Kernel BGetRealizedBrush Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in BGetRealizedBrush.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2518
SHA-256 | 9748fca6fbb5ef34f232cdeeda20cce0f47e4feea1fa4c9a9f7b321d183c13cb
Windows Kernel FlashWindowEx Memory Corruption
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2511
SHA-256 | aa59811bd905801dec0d9cc27fe51730ae27b8776b206fdd60d6a08739d77ef3
Windows Kernel DeferWindowPos Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability related to DeferWindowPos.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2366
SHA-256 | 9efdbf279fadc7781fc05c4c484e7fa55163ee3b825c2a7de5f5e364ae5d2187
Windows Kernel Printer Device Contexts Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2507
SHA-256 | a07b9af66e76968a00a50316dfce34128aec9040ef04506e03d9536f8f6a3dfe
Windows Kernel Cursor Object Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in the cursor object.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2517
SHA-256 | 95d27966a74a174f8e04f20a3a1138c7d875365b2e9461676084a3fa4f84f1a6
Windows Kernel NtGdiStretchBlt Pool Buffer Overflow
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt.

tags | exploit, overflow, kernel
systems | linux, windows
advisories | CVE-2015-2512
SHA-256 | cec5a4d82cefd5f7408a48e23c6eaff40a66ebae181a5611b5534e09b970f5cc
Windows Kernel Pool Buffer Overflow Drawing Caption Bar
Posted Sep 22, 2015
Authored by Nils, Google Security Research

This proof of concept exploit triggers a crash due to a pool buffer overflow while drawing the caption bar of a window.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2015-1727
SHA-256 | d57eb2d920703735304948c9d9db4ef91854194c06fd1384c9871449486a7418
Windows Kernel Win32k!vSolidFillRect Buffer Overflow
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a buffer overflow vulnerability in Win32k!vSolidFillRect.

tags | exploit, overflow, kernel
systems | linux, windows
advisories | CVE-2015-1725
SHA-256 | 25f32ba5359a051b672c78122c332f74c82b3772f7ba804f808898f00fe1a921
Windows Kernel Brush Object Use-After-Free
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a brush object use-after-free vulnerability.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1724
SHA-256 | ac1c9bbd47bafbca773cb80340ef700f905cab76f26f62766346947479e35793
Windows Kernel HmgAllocateObjectAttr Use-After-Free
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in HmgAllocateObjectAttr.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1726
SHA-256 | e74e9b4659ae9cc8949897e4622853fa73eab51a3dc0249b28c703fe239770d4
Windows Kernel NULL Pointer Dereference With Window Station And Clipboard
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a NULL pointer dereference with window station and clipboard.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1721
SHA-256 | 9f32e011ab66422b9eb1d0b4cb638eddddc956ca54dbeb3f19ad2f6d022e0f60
Windows Kernel Use-After-Free In WindowStation
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in WindowStation.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1723
SHA-256 | aa3efde61185dc1eb0cb8968c6c591a89fd27959b2d48dd4fabbf0770e09ec6e
Windows Kernel Possible NULL Pointer Dereference Of A SURFOBJ
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel may suffer from a NULL pointer dereference vulnerability.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1725
SHA-256 | d1f43b6047662ac0572f8e52b2d49d1b8975a8e50330286cb80ba2d1809962ef
Windows Kernel Use-After-Free In Bitmap Handling
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in bitmap handling.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1722
SHA-256 | 42a9706efcbff35685e37dd9c3a82c7ad193672a2463d2614d211e7e27a8f41c
Windows Kernel Bitmap Handling Use-After-Free
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in the bitmap handling code.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1722
SHA-256 | f6216ef039b9fe229af00a9dbb5b21966f586b28c32b15cad36ba45f7e468271
Windows Kernel UserCommitDesktopMemory Use-After-Free
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in UserCommitDesktopMemory.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2365
SHA-256 | d1d309acfcd994767d657a143b1e405662a938b4370d0d8c5a73308836125489