exploit the possibilities
Showing 51 - 75 of 263 RSS Feed

Files from mjurczyk

Email addressmjurczyk at google.com
First Active2015-08-19
Last Active2019-07-12
Microsoft Windows Kernel nt!KiDispatchException Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!KiDispatchException.

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0897
MD5 | cbcf89fc2aa7997ca8c8aa329de96e64
Microsoft Windows Kernel msrpc!LRPC_CASSOCIATION::AlpcSendCancelMessage Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in msrpc!LRPC_CASSOCIATION::AlpcSendCancelMessage.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0896
MD5 | a3019927b362555cf6724e71c06a0e35
Microsoft Windows Kernel NtQueryInformationThread(ThreadBasicInformation) Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit stack memory disclosure vulnerability in NtQueryInformationThread(ThreadBasicInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0895
MD5 | aec9ca1968214b0e3bca89220158b22c
Microsoft Windows Kernel NtQueryVirtualMemory(MemoryMappedFilenameInformation) Memory Disclosure
Posted Mar 21, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Window kernel suffers from a 64-bit pool memory disclosure vulnerability in NtQueryVirtualMemory(MemoryMappedFilenameInformation).

tags | exploit, kernel
advisories | CVE-2018-0894
MD5 | d0aa36a63655006696b53b7a5b2d5cae
Windows Kernel win32k!fnHkINLPMSLLHOOKSTRUCT Memory Disclosure
Posted Feb 22, 2018
Authored by Google Security Research, mjurczyk

The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMSLLHOOKSTRUCT (via user-mode callback).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0810
MD5 | f2649d29716451a098dfbf661fbfbe0a
Windows Kernel win32k!SfnINLPHELPINFOSTRUCT Memory Disclosure
Posted Feb 22, 2018
Authored by Google Security Research, mjurczyk

The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0810
MD5 | 27c78eb28b55312aa2809afbc0d3b311
Windows Kernel win32k!fnHkINLPMOUSEHOOKSTRUCTEX Memory Disclosure
Posted Feb 22, 2018
Authored by Google Security Research, mjurczyk

The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMOUSEHOOKSTRUCTEX (via user-mode callback).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0810
MD5 | 51df2fe0cf72e749bba708e2ea83d84a
Windows Kernel win32k!SfnINOUTLPWINDOWPOS Memory Disclosure
Posted Feb 22, 2018
Authored by Google Security Research, mjurczyk

The 64-bit Windows kernel suffers from a pool memory disclosure vulnerability in win32k!SfnINOUTLPWINDOWPOS (via user-mode callback).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0810
MD5 | 9c567298b0ec80585c4b62f8cb2074d5
Windows Kernel Double Fetches
Posted Feb 22, 2018
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0809
MD5 | cda157a63a505b6dc3e57ec6e5981c51
Windows Kernel nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure
Posted Feb 20, 2018
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from a nt!RtlpCopyLegacyContextX86 stack memory disclosure vulnerability.

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0832
MD5 | 377dfc9711b87f3d2d74deede52a59ef
Microsoft Windows Kernel ATMFD.DLL NamedEscape 0x250D Pool Corruption
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode font driver has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0788
MD5 | 96b46447ba7a6c968d0db2900d57b8a3
Microsoft Windows Kernel ATMFD.DLL Out-Of-Bounds Read
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode driver lacks any sort of sanitization of various 32-bit offsets found in .MMM files (Multiple Master Metrics), and instead uses them blindly while loading Type 1 Multiple-Master fonts in the system.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0754
MD5 | 870a4dbf54830a3b7fe3d330142d98ab
Microsoft Windows Kernel nt!PiUEventHandleGetEven Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure from nt!RawMountVolume via nt!PiUEventHandleGetEvent (\Device\DeviceApi\CMNotify device).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0747
MD5 | 60cf9a8ec04755f71c4247b0446d8196
Microsoft Windows Kernel nt!NtQuerySystemInformation Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0746
MD5 | b620b4ff52f8487fa112c32d8993da4c
Microsoft Windows Kernel nt!NtQueryInformationProcess Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure in nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0745
MD5 | 705f77a5bfdb76b806fe73449ba102a5
Microsoft Windows Kernel Ring-0 Address Leak
Posted Dec 20, 2017
Authored by Google Security Research, mjurczyk

It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.

tags | exploit, kernel
systems | windows, 7
MD5 | 4bb20d0c4e7b2208fd33f054d9383332
Microsoft Windows win32kfull!GreUpdateSpriteInternal Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

On Windows 10 32-bit version 1709, a kernel stack memory disclosure was discovered in win32kfull!GreUpdateSpriteInternal.

tags | advisory, kernel
systems | windows
MD5 | bba9e21920f1470c2c04ff12bffe0c98
Microsoft Windows win32kbase!NtQueryCompositionInputQueueAndTransform Kernel Stack Memory Disclosure
Posted Nov 25, 2017
Authored by Google Security Research, mjurczyk

The win32k!NtQueryCompositionInputQueueAndTransform system call may disclose portions of uninitialized kernel stack memory to user-mode clients on Windows 10.

tags | advisory, kernel
systems | windows
MD5 | 0d2ef075cd05432e7108cc59cee1953c
Microsoft Windows win32k!xxxSendMenuSelect Memory Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11853
MD5 | df47cad4c0563e46c4d01e39c825ee89
Microsoft Windows nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.

tags | exploit
systems | windows
advisories | CVE-2017-11831
MD5 | 819fa28825ba821d4b6515b916dd256a
Microsoft Windows NTFS File System Metadata Disclosures
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11880
MD5 | 82f8fc385cb8e1d9907a4dbdb347c2e4
Microsoft Windows Kernel Pool Address Derivation
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | exploit, kernel
systems | windows
MD5 | ac8c580a68213846a36f69940bc63b44
Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
MD5 | 0fc9e0391632fca8d511a3b229bca0a1
Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution
Posted Oct 30, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).

tags | advisory
systems | windows
MD5 | 3b1777f8309fb6e91148a1b542d501ef
Windows Kernel Pool Ntfs!LfsRestartLogFile Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

This advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11817
MD5 | f4472007f780b633aa086c20fa3c9ee8
Page 3 of 11
Back12345Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close