Windows kernel: FlashWindowEx memory corruption

VasiaB / google-security-research

Automatically exported from code.google.com/p/google-security-research

0 stars 0 forks source link

Windows kernel: FlashWindowEx memory corruption #475

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

Credit is to "Nils Sommer of bytegeist, working with Google Project Zero".

---
The attached PoC triggers a wild write on Win 7 32-bit with Special Pool 
enabled on win32k.sys.

---

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by cev...@google.com on 6 Jul 2015 at 7:35

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by cev...@google.com on 6 Jul 2015 at 8:38

Added labels: Id-30598

GoogleCodeExporter commented 9 years ago

Original comment by haw...@google.com on 21 Aug 2015 at 6:58

GoogleCodeExporter commented 9 years ago

Fixed in September bulletin MS15-097

Original comment by haw...@google.com on 21 Sep 2015 at 8:45

Changed state: Fixed
Added labels: CVE-2015-2511

GoogleCodeExporter commented 9 years ago

Original comment by haw...@google.com on 21 Sep 2015 at 9:39

Removed labels: Restrict-View-Commit

VasiaB / google-security-research

Windows kernel: FlashWindowEx​ memory corruption #475

Windows kernel: FlashWindowEx memory corruption #475