Wednesday October 14th


Exploiting the win32k!xxxEnableWndSBArrows use-after-free

Earlier this year I worked on an exploit for an interesting use-after-free vulnerability in win32k.sys (CVE-2015-0057) and was able to develop a reliable exploit on both 32-bit and 64-bit, affecting XP through Windows 8.1 (with a few exceptions). This writeup describes in detail how I approached exploitation on both architectures, which ended up being somewhat different. I also describe how exploitation works on Windows 8.1 with SMEP and in a low integrity environment. The post is quite long, but I try to provide a lot of detail to demonstrate what is involved in exploiting this bug instead of glazing over details, although I do still glaze over some. Hopefully the level of detail is helpful.

