what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Windows Kernel Key Replication Issues
Posted Feb 10, 2023
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2023-21748, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774
SHA-256 | c3387e7bd189cc7e8d8449ad27e2b524a0fc939d2cc467c5961cc148cdbb9019

Related Files

Microsoft Windows Kernel win32k!NtGdiGetTextMetricsW Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetTextMetricsW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8472
SHA-256 | 452a60ea7f22d3485fb66dab895858ea5ae5d97f495c40b6a48d443f488ee463
Microsoft Windows Kernel win32k!NtGdiGetOutlineTextMetricsInternalW Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetOutlineTextMetricsInternalW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8471
SHA-256 | 6b0483ac8c7084d6f07518a7b6d52ea02ea6b591c1326fd68c85a80992228041
Microsoft Windows Kernel win32k!NtGdiExtGetObjectW Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiExtGetObjectW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8470
SHA-256 | 90e80047a0d4a132243baeb8aa21d9d09ad984a2f1de80601d1524f2fe7763a0
Microsoft Windows Kernel nt!KiDispatchException Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in exception handling (nt!KiDispatchException).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8482
SHA-256 | 1b18eec30bf44bae86c16090bb09021fd1989f3f2f01f498da55a5b6f9f6af61
Microsoft Windows Kernel Pool nt!NtNotifyChangeDirectoryFile Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in nt!NtNotifyChangeDirectoryFile.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0299
SHA-256 | f5a62635848b4df66c3c59102dc9f94c3f3f64aebc7d20967a6ba6686ba929ab
Microsoft Kernel Pool nt!NtQueryVolumeInformationFile Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQueryVolumeInformationFile (FileFsVolumeInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8462
SHA-256 | 7a216b3d781e5f5b776596a2e128a625b18fd8d53060b09e7eb8616feefe756d
Microsoft Windows Kernel Partmgr Pool IOCTL_DISK_GET_DRIVE_LAYOUT_EX Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a partmgr pool memory disclosure vulnerability in the handling of IOCTL_DISK_GET_DRIVE_LAYOUT_EX.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8469
SHA-256 | 134ea7f8792cd34df31a86be6a4e9d5ffad6bfeb7e4424af236c06797fbae602
Microsoft Windows Kernel Partmgr Pool IOCTL_DISK_GET_DRIVE_GEOMETRY_EX Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a partmgr pool memory disclosure vulnerability in the handling of IOCTL_DISK_GET_DRIVE_GEOMETRY_EX.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8492
SHA-256 | f6a18f75cd5bd00f8723ff33247243f8f2cc1a2f282d950fba1442c7408c376b
Microsoft Windows Kernel Volmgr Pool Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a volmgr pool memory disclosure vulnerability in the handling of IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8491
SHA-256 | 95f61aaad5708f6ec6b3bf9039b7ee243415d5f2667fb8e8ab3e2bed6bcbea1c
Microsoft Windows Kernel KsecDD Pool Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The IOCTL sent to the \Device\KsecDD device by the BCryptOpenAlgorithmProvider documented API returns some uninitialized pool memory in the output buffer of the Microsoft Windows kernel.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8489
SHA-256 | 181298dc8125caa44fe653cf66bdd843a48995cabcaa9871caa7e906bd030711
Microsoft Windows win32k!NtGdiGetOutlineTextMetricsInternalW Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure due to output structure alignment in win32k!NtGdiGetOutlineTextMetricsInternalW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8484
SHA-256 | 4e14cf8a1b4405808b8fbc591bba527439874570559f5451600a9def5ef7dc0a
EternalBlue Exploit Analysis And Port To Microsoft Windows 10
Posted Jun 7, 2017
Authored by Sean Dillon, Dylan Davis

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.

tags | paper, remote, kernel, vulnerability, code execution
systems | windows
SHA-256 | fa13189f37eae3318ce25b3bd600e5e83270e401b53f1a2fd4a6340b7b1a8803
Microsoft Windows Kernel bind() Out-Of-Bounds Read
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Two related bugs have been discovered in the Microsoft Windows kernel code responsible for implementing the bind() socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the allocated pool-based buffer memory area, potentially allowing user-mode applications to disclose kernel-mode secrets. They can also be exploited to trigger a blue screen of death and therefore a denial of service condition.

tags | exploit, denial of service, kernel
systems | windows
advisories | CVE-2017-0175, CVE-2017-0220
SHA-256 | 9b41916531e305ccf017e5064b5a3412788fbaa21187262224130f6886d5a773
Microsoft Windows Kernel win32kfull!SfnINLPUAHDRAWMENUITEM Memory Disclosure
Posted Apr 14, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32kfull!SfnINLPUAHDRAWMENUITEM.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0167
SHA-256 | 4c9b80091c609bb2d3baf00d69e5a53a22ed77aecd51bfbe4eab9ab9d4f8ecd1
Microsoft Windows Kernel Registry Hive Loading Crashes
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from hive loading crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0103
SHA-256 | c0c9f385d6a3ca0455940f14112e0baedb6607593051dca745cd9940fced29ca
Microsoft Windows kernel win32k Denial Of Service
Posted Nov 14, 2016
Authored by TinySec

The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135.

tags | exploit, denial of service, kernel
systems | windows
advisories | CVE-2016-7255
SHA-256 | 5608064a4460ba56d403e729eaccc16f8c142217f04dfd4665278341d37ca2f8
Microsoft Windows Kernel NtUserScrollDC Memory Corruption
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
SHA-256 | 9c9d7819c17ae0f14fbcf5250fe9bc87ec36941d7e0e1a71bc9c128bc94d7ef8
Microsoft Windows Kernel Use-After-Free
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-6100
SHA-256 | f9138be83b6665e583fb9a0c2edbf82da6a8ba0567aba68654dad7c01ffa36d5
Windows Kernel BGetRealizedBrush Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in BGetRealizedBrush.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2518
SHA-256 | 9748fca6fbb5ef34f232cdeeda20cce0f47e4feea1fa4c9a9f7b321d183c13cb
Windows Kernel FlashWindowEx Memory Corruption
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2511
SHA-256 | aa59811bd905801dec0d9cc27fe51730ae27b8776b206fdd60d6a08739d77ef3
Windows Kernel DeferWindowPos Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability related to DeferWindowPos.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2366
SHA-256 | 9efdbf279fadc7781fc05c4c484e7fa55163ee3b825c2a7de5f5e364ae5d2187
Windows Kernel Printer Device Contexts Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2507
SHA-256 | a07b9af66e76968a00a50316dfce34128aec9040ef04506e03d9536f8f6a3dfe
Windows Kernel Cursor Object Use-After-Free
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in the cursor object.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2517
SHA-256 | 95d27966a74a174f8e04f20a3a1138c7d875365b2e9461676084a3fa4f84f1a6
Windows Kernel NtGdiStretchBlt Pool Buffer Overflow
Posted Sep 23, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt.

tags | exploit, overflow, kernel
systems | linux, windows
advisories | CVE-2015-2512
SHA-256 | cec5a4d82cefd5f7408a48e23c6eaff40a66ebae181a5611b5534e09b970f5cc
Windows Kernel Win32k!vSolidFillRect Buffer Overflow
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a buffer overflow vulnerability in Win32k!vSolidFillRect.

tags | exploit, overflow, kernel
systems | linux, windows
advisories | CVE-2015-1725
SHA-256 | 25f32ba5359a051b672c78122c332f74c82b3772f7ba804f808898f00fe1a921
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close