Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit
eas7 wrote in ru_girls_hack
// ----------------------------------------- taviso <at> cmpxchg8b.com ----- //
// INTRODUCTION //
// There's a pretty obvious bug in win32k!EPATHOBJ::pprFlattenRec where the
// PATHREC object returned by win32k!EPATHOBJ::newpathrec doesn't initialise the
// next list pointer. The bug is really nice, but exploitation when
// allocations start failing is tricky.

exploit: http://article.gmane.org/gmane.comp.security.full-disclosure/89491
