Exploit the possiblities
Showing 1 - 25 of 203 RSS Feed

Files from mjurczyk

First Active2015-08-19
Last Active2018-01-10
Microsoft Windows Kernel ATMFD.DLL NamedEscape 0x250D Pool Corruption
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode font driver has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0788
MD5 | 96b46447ba7a6c968d0db2900d57b8a3
Microsoft Windows Kernel ATMFD.DLL Out-Of-Bounds Read
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode driver lacks any sort of sanitization of various 32-bit offsets found in .MMM files (Multiple Master Metrics), and instead uses them blindly while loading Type 1 Multiple-Master fonts in the system.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0754
MD5 | 870a4dbf54830a3b7fe3d330142d98ab
Microsoft Windows Kernel nt!PiUEventHandleGetEven Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure from nt!RawMountVolume via nt!PiUEventHandleGetEvent (\Device\DeviceApi\CMNotify device).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0747
MD5 | 60cf9a8ec04755f71c4247b0446d8196
Microsoft Windows Kernel nt!NtQuerySystemInformation Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0746
MD5 | b620b4ff52f8487fa112c32d8993da4c
Microsoft Windows Kernel nt!NtQueryInformationProcess Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure in nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0745
MD5 | 705f77a5bfdb76b806fe73449ba102a5
Microsoft Windows Kernel Ring-0 Address Leak
Posted Dec 20, 2017
Authored by Google Security Research, mjurczyk

It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.

tags | exploit, kernel
systems | windows, 7
MD5 | 4bb20d0c4e7b2208fd33f054d9383332
Microsoft Windows win32kfull!GreUpdateSpriteInternal Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

On Windows 10 32-bit version 1709, a kernel stack memory disclosure was discovered in win32kfull!GreUpdateSpriteInternal.

tags | advisory, kernel
systems | windows
MD5 | bba9e21920f1470c2c04ff12bffe0c98
Microsoft Windows win32kbase!NtQueryCompositionInputQueueAndTransform Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

The win32k!NtQueryCompositionInputQueueAndTransform system call may disclose portions of uninitialized kernel stack memory to user-mode clients on Windows 10.

tags | advisory, kernel
systems | windows
MD5 | 0d2ef075cd05432e7108cc59cee1953c
Microsoft Windows win32k!xxxSendMenuSelect Memory Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11853
MD5 | df47cad4c0563e46c4d01e39c825ee89
Microsoft Windows nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.

tags | exploit
systems | windows
advisories | CVE-2017-11831
MD5 | 819fa28825ba821d4b6515b916dd256a
Microsoft Windows NTFS File System Metadata Disclosures
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11880
MD5 | 82f8fc385cb8e1d9907a4dbdb347c2e4
Microsoft Windows Kernel Pool Address Derivation
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | exploit, kernel
systems | windows
MD5 | ac8c580a68213846a36f69940bc63b44
Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
MD5 | 0fc9e0391632fca8d511a3b229bca0a1
Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution
Posted Oct 30, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).

tags | advisory
systems | windows
MD5 | 3b1777f8309fb6e91148a1b542d501ef
Windows Kernel Pool Ntfs!LfsRestartLogFile Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

This advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11817
MD5 | f4472007f780b633aa086c20fa3c9ee8
Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11784
MD5 | e7fc69388cdf09d854702265504b52eb
Windows Kernel Pool nt!NtQueryObject Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when certain conditions are met.

tags | exploit
advisories | CVE-2017-11785
MD5 | f4f91d01df5144f04444581ce5fe7b80
Microsoft Windows Kernel win32k!NtQueryCompositionSurfaceBinding Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtQueryCompositionSurfaceBinding.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8678
MD5 | 73d3685f1e900f98c6cd4f3a23681176
Microsoft Windows Kernel win32k!NtGdiHLSurfGetInformation Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiHLSurfGetInformation.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-8677
MD5 | ea7057c9591140087eed136016fbcd5a
Microsoft Windows Kernel win32k!NtGdiDoBanding Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiDoBanding.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8687
MD5 | fe4029deb9c5251a89ca66ad88be9adc
Microsoft Windows Kernel win32k!NtGdiEngCreatePalette Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiEngCreatePalette.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8685
MD5 | 83ee676927d72312fbb286ed64a835d8
Microsoft Windows Kernel win32k!NtGdiGetFontResourceInfoInternalW Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetFontResourceInfoInternalW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8684
MD5 | 61dc2229ecbf3b49ce1abc604e7d026d
Microsoft Windows Kernel TTF Font Processing glyf Out-Of-Bounds Read
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel win32k.sys TTF font processing suffers from an out-of-bounds read vulnerability with a malformed glyf table.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8683
MD5 | 6641efba2930501968ff7f836aa362bc
Microsoft Windows Kernel TTF Font Processing Out-Of-Bounds
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel win32k.sys TTF font procession functionality suffers from out-of-bounds read/write vulnerabilities.

tags | exploit, kernel, vulnerability
systems | windows
advisories | CVE-2017-8682
MD5 | aa8a1953e3c70722e1dd32b005aa020c
Microsoft Windows Kernel nt!NtSetIoCompletion / nt!NtRemoveIoCompletion Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in nt!NtSetIoCompletion and nt!NtRemoveIoCompletion.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8708
MD5 | fd5025fc6a75cc5dbc1f54b354b0c2e7
Page 1 of 9
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close