
Files

Windows Kernel Type Confusion Memory Corruption
Posted Nov 8, 2022
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from a memory corruption vulnerability due to type confusion of subkey index leaves in registry hives.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2022-38037
SHA-256 | 5243d82498c43a219718d01db84be2571a427237b6a4a54d1f50e487c8526fea

Related Files

Windows PspBuildCreateProcessContext Double-Fetch / Buffer Overflow
Posted Apr 30, 2024
Authored by gabe_k

Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in PspBuildCreateProcessContext that leads to a stack buffer overflow.

tags | exploit, overflow, kernel, proof of concept
systems | windows
advisories | CVE-2024-26218
SHA-256 | 0d419f34140c82908299252d3794e80651aedada14ee132d75462cbcf8700e96
Windows NtQueryInformationThread Double-Fetch / Arbitrary Write
Posted Apr 30, 2024
Authored by gabe_k

Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in NtQueryInformationThread that leads to an arbitrary write.

tags | exploit, arbitrary, kernel, proof of concept
systems | windows
advisories | CVE-2024-21345
SHA-256 | 17303e9dc06042a7d7b761657e3f97ac797834b1b9703bc726107b814b22b014
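
The two gabe_k entries above both hinge on a double fetch: the kernel reads a user-controlled value once to validate it and again to use it, and a concurrent user thread can change the value in between. The C program below is an added illustration, not code from those proof of concepts or from Windows; it models the race deterministically (the "user memory" flips the length right after the kernel's first read instead of relying on a real second thread) and contrasts the validate-then-reread pattern with a single fetch into kernel-owned memory. Every type and function name in it is invented for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a user-mode request: a length header followed by payload. */
typedef struct {
    uint32_t length;
    uint8_t  data[256];
} user_request_t;

/* Constructed race model. Real user memory can be changed by another user thread at
 * any time; here the attacker "wins the race" deterministically by rewriting the
 * length right after the kernel's first read of it. */
typedef struct {
    user_request_t *req;
    uint32_t        flip_to;  /* value the attacker writes after the first fetch */
    int             reads;    /* number of times length has been fetched so far */
} user_memory_t;

static user_memory_t make_memory(uint32_t initial_len, uint32_t flip_to, user_request_t *backing) {
    memset(backing, 0, sizeof *backing);
    backing->length = initial_len;
    memset(backing->data, 'A', sizeof backing->data);
    user_memory_t um = { backing, flip_to, 0 };
    return um;
}

/* Stand-in for reading a field out of user memory (probe + dereference). */
static uint32_t fetch_user_length(user_memory_t *um) {
    uint32_t v = um->req->length;
    um->reads++;
    if (um->reads == 1)
        um->req->length = um->flip_to;  /* concurrent user thread changes the value */
    return v;
}

#define KBUF_SIZE 64

/* Vulnerable pattern: validate one fetch, size the copy from a second fetch.
 * Returns the byte count the memcpy would use; anything above KBUF_SIZE means the
 * real code would overflow the stack buffer (the copy here is capped so the
 * demonstration itself stays memory-safe). */
static int32_t vulnerable_copy(user_memory_t *um) {
    uint8_t kbuf[KBUF_SIZE];
    if (fetch_user_length(um) > KBUF_SIZE)          /* fetch #1: checked */
        return -1;
    uint32_t n = fetch_user_length(um);             /* fetch #2: used, may differ */
    memcpy(kbuf, um->req->data, n > KBUF_SIZE ? KBUF_SIZE : n);
    (void)kbuf;
    return (int32_t)n;
}

/* Hardened pattern: fetch once into kernel-owned storage, then validate and use only that copy. */
static int32_t hardened_copy(user_memory_t *um) {
    uint8_t kbuf[KBUF_SIZE];
    uint32_t n = fetch_user_length(um);             /* single fetch */
    if (n > KBUF_SIZE)
        return -1;
    memcpy(kbuf, um->req->data, n);
    (void)kbuf;
    return (int32_t)n;
}

int main(void) {
    user_request_t backing;
    user_memory_t um = make_memory(16, 200, &backing);
    printf("vulnerable: copies %d bytes into a %d-byte stack buffer\n", vulnerable_copy(&um), KBUF_SIZE);
    um = make_memory(16, 200, &backing);
    printf("hardened:   copies %d bytes\n", hardened_copy(&um));
    um = make_memory(200, 16, &backing);
    printf("hardened:   oversized request -> %d (rejected)\n", hardened_copy(&um));
    return 0;
}
```

The point to take from the model is that the fix is not a second check but a single copy: once the length lives in kernel memory, nothing the user thread does afterwards can change the value the copy is sized from.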
Windows Kernel Subkey List Use-After-Free
Posted Apr 11, 2024
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx.

tags | exploit, kernel
systems | windows
advisories | CVE-2024-26182
SHA-256 | 371f9505662bb6a768bb624f24a62e46fef4ad9feab889c6189fe75092e31989
Windows Kernel CmpDoReDoCreateKey / CmpDoReOpenTransKey Out-Of-Bounds Read
Posted May 11, 2023
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from out-of-bounds read vulnerabilities when operating on invalid registry paths in CmpDoReDoCreateKey / CmpDoReOpenTransKey.

tags | exploit, kernel, registry, vulnerability
systems | windows
advisories | CVE-2023-21776, CVE-2023-28293
SHA-256 | 76ec9aa7a319065af82cafdd465533228021c8f1589b7dfe874c3ed0033910d0
Windows Kernel Uninitialized Memory / Pointer Disclosure
Posted May 11, 2023
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from a disclosure of kernel pointers and uninitialized memory through registry KTM transaction log files.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2023-28271
SHA-256 | d28ae7b6f77689b87212fa778ce097dbeda0292d731f4abdb493b75f067884e7
Windows Kernel NtNotifyChangeMultipleKeys Use-After-Free
Posted Jan 12, 2023
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from a use-after-free vulnerability due to bad handling of predefined keys in NtNotifyChangeMultipleKeys.

tags | exploit, kernel
systems | windows
advisories | CVE-2022-44683
SHA-256 | e31318a053707141296573a167ad796cc33514ff394bc3820404fedfd9233256
Windows Kernel Long Registry Key / Value Out-Of-Bounds Read
Posted Nov 10, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from out-of-bounds reads and other issues when operating on long registry key and value names.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2022-37991
SHA-256 | 8b59c6140909e13954c81f8ebbddfeb70a1e3eaf5675031e13f783c0db187379
Windows Kernel Long Registry Path Memory Corruption
Posted Nov 10, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from multiple memory corruption vulnerabilities when operating on very long registry paths.

tags | exploit, kernel, registry, vulnerability
systems | windows
advisories | CVE-2022-38038
SHA-256 | 98287a2f682dd844bcaa8bbc51f70cb0d694e997a42fcb83f27b010fb379d61d
Windows Kernel Registry Use-After-Free
Posted Nov 7, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel registry suffers from a use-after-free vulnerability due to bad handling of failed reallocations under memory pressure.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2022-37988
SHA-256 | 8bfa22378d9e50ef4b418d4748365b0da33423d42dc3533797aebf4653bedc6d
Windows Kernel Registry Subkey Lists Integer Overflow
Posted Oct 17, 2022
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from integer overflow vulnerabilities in its registry subkey lists leading to memory corruption.

tags | exploit, overflow, kernel, registry, vulnerability
systems | windows
advisories | CVE-2022-37956
SHA-256 | 4f2712bf388769633e54ee7cdd01205295aa838cb4c905e9fab301e7f201a73e
Windows Kernel Registry Hive Memory Problems
Posted Sep 9, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2022-35768
SHA-256 | 293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152
Windows Kernel Unchecked Blink Cell Index Invalid Read/Write
Posted Sep 9, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from an invalid read/write condition due to an unchecked Blink cell index in the root security descriptor.

tags | exploit, kernel, root
systems | windows
advisories | CVE-2022-34708
SHA-256 | f5ef4884111855adc3fd46bc812f23d93a2b2cd3ea5d058dca7ff112e15a1d10
Windows Kernel Refcount Overflow Use-After-Free
Posted Sep 9, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.

tags | exploit, overflow, kernel, registry
systems | windows
advisories | CVE-2022-34707
SHA-256 | 887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3
SWAPGS Attack Proof Of Concept
Posted Feb 14, 2020
Authored by Dan Horea, Andrei Vlad

SWAPGS attack proof of concept exploit that demonstrates an information disclosure in the Windows kernel.

tags | exploit, kernel, proof of concept, info disclosure
systems | windows
advisories | CVE-2019-1125
SHA-256 | 97c7f1bfac2298891dcb61e8c551eb43a94ba5aa1cbb726ea737dee6af790bb9
Windows Kernel Double Fetches
Posted Feb 22, 2018
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0809
SHA-256 | 04bd702a96710210ed2281a1b45d1698d4d195df575dc55bd9e354d475aaef45
Windows Kernel nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure
Posted Feb 20, 2018
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from a nt!RtlpCopyLegacyContextX86 stack memory disclosure vulnerability.

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0832
SHA-256 | 199235f1e50c783934bc089610c17d71c6e7359a26462fdd0048024c134ddbae
Windows Kernel ATMFD.DLL NamedEscape 0x250C Pool Corruption
Posted Jun 20, 2016
Authored by Google Security Research, mjurczyk

The Adobe Type Manager Font Driver (ATMFD.DLL), which handles PostScript and OpenType fonts in the Windows kernel, exposes a communication channel to user-mode applications through the undocumented gdi32!NamedEscape API call; the handler for escape code 0x250C suffers from a pool corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2016-3220
SHA-256 | 59929f0fa10d7193fd9b64ec3247eab0af43bf5e2900eabc5ec45b0d52b0f7bb
Windows Type-Confusion / Memory Corruption
Posted Sep 14, 2015
Authored by Google Security Research, matttait

The Windows Kernel is subject to two related kernel-mode type-confusion vulnerabilities inside win32k!xxxRemoteReconnect. In both cases, a user-mode parameter passed to the syscall is incorrectly resolved to its underlying kernel representation via ObReferenceObjectByHandle passing NULL as the "ObType" field (rather than *IoFileTypeObject and *IoDeviceTypeObject respectively). Because the type is not checked, if a handle to an object other than a file or a device is passed, the kernel incorrectly uses the underlying representation of that object as a PFILE_OBJECT or a PDEVICE_OBJECT, causing memory corruption in the kernel.

tags | advisory, kernel, vulnerability
systems | linux, windows
SHA-256 | 1fc87129199a0c6cd9e6a9fa146cc6e891c7331266896538d14fc884c57013ba
Windows win32k!NtUserSetInformationThread Type Confusion
Posted Sep 9, 2015
Authored by Google Security Research, matttait

The Windows Kernel is subject to a kernel-mode type-confusion vulnerability inside win32k!NtUserSetInformationThread due to referencing a user-mode handle via ObReferenceObjectByHandle with a "NULL" type specified (it should instead be using *LpcPortObjectType to protect against this vulnerability). This vulnerability can be triggered from inside CSRSS via the syscall win32k!NtUserSetInformationThread with ThreadInformationClass set to "UserThreadCsrApiPort" and the parameter of the syscall set to a HANDLE that is not an LPC object.

tags | advisory, kernel
systems | linux, windows
SHA-256 | f08ca467d2241babc70e51da65057abb65b9ecf85249b35405cfc513910c45d6
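
Both matttait advisories above describe the same root cause: ObReferenceObjectByHandle called with a NULL object type hands back whatever object the handle refers to, and the caller then treats it as a file, device or LPC port. The C program below is an added example, not Microsoft's code or the advisory author's. It uses a toy handle table and object layouts invented for the example (not the real nt!_OBJECT_HEADER, FILE_OBJECT or status codes) to show why the unchecked lookup lets an event handle be consumed as a file object, and how passing the expected type makes the same call fail with a type mismatch instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the object manager: every object starts with a type tag and
 * handles index a small table of object pointers. */
typedef enum { OBJ_NONE = 0, OBJ_FILE = 1, OBJ_DEVICE = 2, OBJ_LPC_PORT = 3, OBJ_EVENT = 4 } obj_type_t;

typedef struct { obj_type_t type; } object_header_t;
typedef struct { object_header_t hdr; uint32_t flags; char name[16]; } file_object_t;
typedef struct { object_header_t hdr; uint32_t signaled; } event_object_t;

#define STATUS_SUCCESS               0
#define STATUS_INVALID_HANDLE        (-1)
#define STATUS_OBJECT_TYPE_MISMATCH  (-2)

#define HANDLE_TABLE_SIZE 8
static object_header_t *g_handle_table[HANDLE_TABLE_SIZE];

static file_object_t  g_file  = { { OBJ_FILE },  0x1234u, "file-a" };
static event_object_t g_event = { { OBJ_EVENT }, 0xDEADu };

/* Installs a file object at handle 1 and an event object at handle 2. */
static void setup_handles(void) {
    memset(g_handle_table, 0, sizeof g_handle_table);
    g_handle_table[1] = &g_file.hdr;
    g_handle_table[2] = &g_event.hdr;
}

/* Stand-in for ObReferenceObjectByHandle. With expected_type == OBJ_NONE (the NULL
 * ObjectType case) the type check is skipped and whatever the handle refers to is returned. */
static int reference_object_by_handle(unsigned handle, obj_type_t expected_type, void **out) {
    if (handle >= HANDLE_TABLE_SIZE || g_handle_table[handle] == NULL)
        return STATUS_INVALID_HANDLE;
    object_header_t *obj = g_handle_table[handle];
    if (expected_type != OBJ_NONE && obj->type != expected_type)
        return STATUS_OBJECT_TYPE_MISMATCH;
    *out = obj;
    return STATUS_SUCCESS;
}

/* Vulnerable syscall body: no type is requested and the result is used as a file object.
 * An event handle makes it read the event's `signaled` field as if it were file flags;
 * touching a field beyond the event's size (name here) would be an out-of-bounds read,
 * and any write through the confused pointer corrupts whatever lies there. */
static int vulnerable_get_file_flags(unsigned handle, uint32_t *flags_out) {
    void *obj;
    int st = reference_object_by_handle(handle, OBJ_NONE, &obj);
    if (st != STATUS_SUCCESS)
        return st;
    file_object_t *f = (file_object_t *)obj;    /* type confusion if obj is not a file */
    *flags_out = f->flags;
    return STATUS_SUCCESS;
}

/* Hardened: the expected object type is supplied, so any other handle is rejected before the cast. */
static int hardened_get_file_flags(unsigned handle, uint32_t *flags_out) {
    void *obj;
    int st = reference_object_by_handle(handle, OBJ_FILE, &obj);
    if (st != STATUS_SUCCESS)
        return st;
    *flags_out = ((file_object_t *)obj)->flags;
    return STATUS_SUCCESS;
}

int main(void) {
    uint32_t flags = 0;
    setup_handles();
    int st = vulnerable_get_file_flags(2, &flags);
    printf("vulnerable, event handle: status %d, 'flags' = 0x%x (the event's signaled field)\n", st, flags);
    st = hardened_get_file_flags(2, &flags);
    printf("hardened,   event handle: status %d (type mismatch)\n", st);
    st = hardened_get_file_flags(1, &flags);
    printf("hardened,   file handle:  status %d, flags = 0x%x\n", st, flags);
    return 0;
}
```

The check to apply when auditing a syscall is mechanical: every ObReferenceObjectByHandle call whose result is cast to a specific structure must pass that structure's object type, never NULL.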
Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow
Posted Aug 25, 2015
Authored by Google Security Research, hawkes

Microsoft Office 2007 suffers from a stack-based buffer overflow vulnerability when handling a malformed document.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-0064
SHA-256 | fc3f3a43acba1f2993d16df8be2f8af7217caf24ea88bc37b3ab71571b41e296
Security Flash Heap Use-After-Free In SurfaceFilterList::CreateFromScriptAtom
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Flash suffers from a use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.

tags | exploit
systems | linux
advisories | CVE-2015-5563
SHA-256 | f25272c8a1f372c28e643e729835debc9a97b7068e8da8e97a5a220acf1e5a89
Flash Bypass Of Length Vs. Cookie Validation
Posted Aug 21, 2015
Authored by Chris Evans, Google Security Research

Flash version 18.0.0.209 contains new mitigations to defend against corruptions of Vector.<uint> (and other) lengths. One of these mitigations, at Vector access time, compares the Vector's in-memory length with a representation of the same length XOR'ed with a secret cookie. The bypass comes about because the secret cookie value is stored inside a structure, and a pointer to that structure is stored alongside the Vector length.

tags | exploit
systems | linux
advisories | CVE-2015-5125
SHA-256 | fcdf12cd364c0ea733d2eac6b27e7d2f9f878fe5206bb8c75cbfc449ce599745
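
The mitigation and bypass described in the Chris Evans entry above are easy to model. The C program below is an added example, not Flash's code or the advisory's: a constructed Vector header holding a length, the length XORed with a cookie, and the pointer to the cookie structure sitting beside them. It shows that a write reaching only the length is caught, that a write spanning the header can redirect the cookie pointer at attacker memory and pass the check, and that one possible fix (not necessarily what Adobe shipped) is to take the cookie from a location the object itself does not point to. The cookie value is a fixed constant here so the run is deterministic; a real one is random.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the process-wide secret cookie. */
typedef struct { uint32_t value; } length_cookie_t;
static length_cookie_t g_cookie = { 0x5A5A1234u };

/* Constructed Vector header: the length, its XORed copy, and the cookie pointer side by side. */
typedef struct {
    uint32_t         length;      /* in-memory element count, the usual corruption target */
    uint32_t         length_xor;  /* length ^ cookie, meant to detect tampering */
    length_cookie_t *cookie;      /* pointer to the cookie structure, stored right beside length */
} vector_hdr_t;

static void vector_init(vector_hdr_t *v, uint32_t length) {
    v->length = length;
    v->cookie = &g_cookie;
    v->length_xor = length ^ v->cookie->value;
}

/* Check as described on the page: the cookie is reached through the pointer stored in the object. */
static int vector_check(const vector_hdr_t *v) {
    return (v->length ^ v->cookie->value) == v->length_xor;
}

/* Hardened variant: the cookie comes from storage the object does not point to, so
 * an attacker who controls the whole header still cannot choose the cookie. */
static int vector_check_hardened(const vector_hdr_t *v) {
    return (v->length ^ g_cookie.value) == v->length_xor;
}

/* Attacker primitive 1: a corruption that only reaches the length field. */
static void corrupt_length_only(vector_hdr_t *v, uint32_t new_length) {
    v->length = new_length;
}

/* Attacker primitive 2: a corruption spanning the header, pointing `cookie` at attacker memory
 * whose contents are known, so a matching length_xor can be written too. */
static void corrupt_with_fake_cookie(vector_hdr_t *v, uint32_t new_length, length_cookie_t *fake) {
    fake->value = 0;                       /* any value works, as long as the attacker knows it */
    v->length = new_length;
    v->length_xor = new_length ^ fake->value;
    v->cookie = fake;
}

int main(void) {
    vector_hdr_t v;
    length_cookie_t fake;                  /* attacker-controlled memory */

    vector_init(&v, 16);
    corrupt_length_only(&v, 0x7fffffffu);
    printf("length-only corruption: check=%d hardened=%d\n", vector_check(&v), vector_check_hardened(&v));

    vector_init(&v, 16);
    corrupt_with_fake_cookie(&v, 0x7fffffffu, &fake);
    printf("fake-cookie corruption: check=%d hardened=%d\n", vector_check(&v), vector_check_hardened(&v));
    return 0;
}
```

The general lesson is that an integrity check is only as strong as the least protected input it consults: if the secret, or a pointer to it, lies inside the same region the corruption primitive reaches, the check reduces to comparing two attacker-chosen values.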
Flash AS2 Use After Free In TextField.filters
Posted Aug 21, 2015
Authored by Google Security Research, bilou

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
advisories | CVE-2015-5561
SHA-256 | 45e43f90ddcb052986798b06cfd1f46ebd1983e9b8561f2e5e9f429141da9e39
Adobe Flash Overflow In ID3 Tag Parsing
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow occurs when allocating the buffer that will hold its converted string data, leading to a large copy into a small buffer. A sample fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to reproduce the issue. This issue only works on 64-bit platforms.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5560
SHA-256 | 35155caf981a1919c824478ec4353bf7b0386be80fed9f35592dd6d487b2c05c
Adobe Flash Shared Object Lacks Normal Check
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object.

tags | exploit
systems | linux
advisories | CVE-2015-5562
SHA-256 | 19f7464f744154d2d6dd211423377f3e324df119f1b2817fad6a0f7b4e6ae5f4
© 2022 Packet Storm. All rights reserved.