
Files

Microsoft Windows Kernel ATMFD.DLL NamedEscape 0x250D Pool Corruption
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode font driver has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0788
MD5 | 96b46447ba7a6c968d0db2900d57b8a3

Related Files

Microsoft Windows Kernel win32k!NtGdiGetTextMetricsW Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetTextMetricsW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8472
MD5 | 0c9e8e1e6901f907ee10e8db7b16df58

Microsoft Windows Kernel win32k!NtGdiGetOutlineTextMetricsInternalW Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetOutlineTextMetricsInternalW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8471
MD5 | 332be683045638ea7d0e8491efbcc3c7

Microsoft Windows Kernel win32k!NtGdiExtGetObjectW Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiExtGetObjectW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8470
MD5 | bc1f54aab9e54f6d87438b0f1cc4fb8d

Microsoft Windows Kernel nt!KiDispatchException Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in exception handling (nt!KiDispatchException).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8482
MD5 | 5e4fdb928479ea0235148fe6899fdbfe

Microsoft Windows Kernel Pool nt!NtNotifyChangeDirectoryFile Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in nt!NtNotifyChangeDirectoryFile.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0299
MD5 | 28bb3b376bd7bcc1394bb07442221b5c

Microsoft Kernel Pool nt!NtQueryVolumeInformationFile Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQueryVolumeInformationFile (FileFsVolumeInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8462
MD5 | 3da3669afce97f78864ec898d82f31e1

Microsoft Windows Kernel Partmgr Pool IOCTL_DISK_GET_DRIVE_LAYOUT_EX Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a partmgr pool memory disclosure vulnerability in the handling of IOCTL_DISK_GET_DRIVE_LAYOUT_EX.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8469
MD5 | 1f9d723b762f9af977602de808734afc

Microsoft Windows Kernel Partmgr Pool IOCTL_DISK_GET_DRIVE_GEOMETRY_EX Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a partmgr pool memory disclosure vulnerability in the handling of IOCTL_DISK_GET_DRIVE_GEOMETRY_EX.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8492
MD5 | aa5c0f3bc7a8857ac395369e3e9b409a

Microsoft Windows Kernel Volmgr Pool Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a volmgr pool memory disclosure vulnerability in the handling of IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8491
MD5 | ad4ed2ce37615d3b18d9c905d9cca90a

Microsoft Windows Kernel KsecDD Pool Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The IOCTL that the documented BCryptOpenAlgorithmProvider API sends to the \Device\KsecDD device returns uninitialized kernel pool memory in its output buffer, disclosing Microsoft Windows kernel memory to user mode.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8489
MD5 | 01d603dfb7dcb74694f84af10f7cb2dc

Microsoft Windows win32k!NtGdiGetOutlineTextMetricsInternalW Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure due to output structure alignment in win32k!NtGdiGetOutlineTextMetricsInternalW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8484
MD5 | 2f2d58f889cb1714929e2b0498a45b03

EternalBlue Exploit Analysis And Port To Microsoft Windows 10
Posted Jun 7, 2017
Authored by Sean Dillon, Dylan Davis

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.

tags | paper, remote, kernel, vulnerability, code execution
systems | windows, xp, 7
MD5 | 0e04e472a5f9e98389f5f1e13ec2bf50

Microsoft Windows Kernel bind() Out-Of-Bounds Read
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Two related bugs have been discovered in the Microsoft Windows kernel code responsible for implementing the bind() socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the allocated pool-based buffer memory area, potentially allowing user-mode applications to disclose kernel-mode secrets. They can also be exploited to trigger a blue screen of death and therefore a denial of service condition.

tags | exploit, denial of service, kernel
systems | windows
advisories | CVE-2017-0175, CVE-2017-0220
MD5 | fb714457eb0672ef6032af4d1179f3ea

Microsoft Windows Kernel win32kfull!SfnINLPUAHDRAWMENUITEM Memory Disclosure
Posted Apr 14, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32kfull!SfnINLPUAHDRAWMENUITEM.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0167
MD5 | ce7b3dab00b9ccf6494b5c37fbf33a0f

Microsoft Windows Kernel Registry Hive Loading Crashes
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from registry hive loading crashes in nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0103
MD5 | 1c3771daf857a6e80934d984e8d52e3e

Microsoft Windows kernel win32k Denial Of Service
Posted Nov 14, 2016
Authored by TinySec

The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135.

tags | exploit, denial of service, kernel
systems | windows
advisories | CVE-2016-7255
MD5 | 1565e5e5849413adeccf1d24ffbe2a57

Microsoft Windows Kernel NtUserScrollDC Memory Corruption
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
MD5 | 8240ee457b91e561975c81e62e83c6ed

Microsoft Windows Kernel Use-After-Free
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-6100
MD5 | f9508fac2dc49164212b3ec62758c825

Windows Kernel BGetRealizedBrush Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in BGetRealizedBrush.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2518
MD5 | 6c331efa6a0b0048a57ab86a21eb0424

Windows Kernel FlashWindowEx Memory Corruption
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2511
MD5 | c06f7d9e56578cd6b9b6fdf8944e8c48

Windows Kernel DeferWindowPos Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability related to DeferWindowPos.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2366
MD5 | 771b7ab055281b2881d46e32423592f5

Windows Kernel Printer Device Contexts Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2507
MD5 | e2003ff99e314874b0dfa78bd60b4ece

Windows Kernel Cursor Object Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in the cursor object.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2517
MD5 | be24525e9fc67e02cb9f2c256f9327a8

Windows Kernel NtGdiStretchBlt Pool Buffer Overflow
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt.

tags | exploit, overflow, kernel
systems | linux, windows
advisories | CVE-2015-2512
MD5 | d30fbcc4ba65b1d8c93c1baa6b4765f8

Windows Kernel Win32k!vSolidFillRect Buffer Overflow
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a buffer overflow vulnerability in Win32k!vSolidFillRect.

tags | exploit, overflow, kernel
systems | linux, windows
advisories | CVE-2015-1725
MD5 | 97909575576c68615a34b1fce4844f8a
© 2019 Packet Storm. All rights reserved.