Microsoft Windows Kernel – ‘win32k!vSolidFillRect’ Buffer Overflow (MS15-061)

Exploit Database
13 阅读

作者： Nils Sommer

日期： 2015-09-22
类别：
- dos
平台：
- windows_x86
来源：https://www.exploit-db.com/exploits/38270/

Source: https://code.google.com/p/google-security-research/issues/detail?id=313

The PoC triggers a pool buffer overflow in win32k!vSolidFillRect. When using Special Pool we get the crash immediately on the overwrite. Without Special Pool we often get a crash in the same function, but sometimes it crashes in a different function (similar to another issue, however with a different offset). This might be a result of the memory corruption or an out-of-memory condition before the overflow is triggered. Debugger output for all three different crashes attached.

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38270.zip

last Exploits
Microsoft Windows Kernel – ‘win32k!vSolidFillRect’ Buffer Overflow (MS15-061)的更多信息

Microsoft Windows – GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097)：
Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC)：
SAP SAPCAR – Multiple Vulnerabilities：
VMware Workstation 12.5.2 – Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)：
Modbus Slave 7.0.0 – Denial of Service (PoC)：
Kaspersky AntiVirus – UPX Parsing Memory Corruption：
Acrobat Reader 9.4 – Memory Corruption：
Wireshark – dissect_zcl_pwr_prof_pwrprofstatersp Static Out-of-Bounds Read：