漏洞概要

缺陷编号:
CVE-2016-3309

漏洞标题:
Microsoft Windows 10 x64 RS2 – 'win32kfull!bFill' Pool Overflow

提交时间:
2017-10-06

危害等级:

相关厂商:

漏洞分类:
exp公布

关注度:
共 21 人关注

漏洞详情

EDB-ID: 42960 Author: siberas Published: 2017-10-06
CVE:
CVE-2016-3309
Type: Local Platform: Win_x86-64
Aliases:
N/A
Advisory/Source: Link Tags:
N/A

E-DB Verified:
Waiting verification

Exploit:

Download Exploit Code Download

/

View Raw

Vulnerable App:
N/A
Sources:
https://siberas.de/blog/2017/10/05/exploitation_case_study_wild_pool_overflow_CVE-2016-3309_reloaded.html
https://github.com/siberas/CVE-2016-3309_Reloaded

Exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540 (latest version of Win10 before the release of Microsoft's September Updates).

The Visual Studio solution contains three exploits:

CVE-2016-3309_Reloaded_Bitmaps: Exploit using the Bitmaps technique
CVE-2016-3309_Reloaded_Palettes: Exploit using the Palettes technique
CVE-2016-3309_Reloaded_Deadlock: POC exploit showcasing the system deadlock which happens due to improved Handle validation

We also published a blog post (https://siberas.de/blog/2017/10/05/exploitation_case_study_wild_pool_overflow_CVE-2016-3309_reloaded.html) which goes into detail about the exploitation of this "wild" Pool-based overflow.


Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42960.zip

发表评论

电子邮件地址不会被公开。 必填项已用*标注