Friday December 25th

Friday December 18th

Thursday December 3rd

Tuesday December 1st

Monday November 16th

Sunday November 15th

Friday November 6th

Tuesday November 3rd

Wednesday October 14th

1 Kicks

Exploiting the win32k!xxxEnableWndSBArrows use-after-free

Earlier this year I worked on an exploit for an interesting use-after-free vulnerability in win32k.sys (CVE-2015-0057) and was able to develop a reliable exploit on both 32-bit and 64-bit, affecting XP through Windows 8.1 (with a few exceptions). This writeup describes in detail how I approached exploitation on both architectures, which ended up being somewhat different. I also describe how exploitation works on Windows 8.1 with SMEP and in a low integrity environment. The post is quite long, but I try to provide a lot of detail to demonstrate what is involved in exploiting this bug instead of glazing over details, although I do still glaze over some. Hopefully the level of detail is helpful.

0 comments

Commenting on Stories is limited for now and will open up to those recommended by the community. Learn how
Loading InfoSecKicks...
brought to you by the Kicks Network