search

hacksysteam / HackSysExtremeVulnerableDriver

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
https://hacksys.io
GNU General Public License v3.0
2.42k stars 525 forks source link

Write NULL vulnerability implementation error? #26

Closed benoitsevens closed 5 years ago

benoitsevens commented 5 years ago

There seems to me a problem with the implementation of the Write NULL vulnerability.

Currently, it is not writing NULL to the address pointed to by the user buffer, but to the user buffer itself.

To correct this, I think there should be a second dereference operator on multiple lines:

DbgPrint("[+] *(UserBuffer): 0x%p\n", (PVOID *)UserBuffer);

should become:

DbgPrint("[+] *(UserBuffer): 0x%p\n", *(PVOID *)UserBuffer);

And

*(PVOID *)UserBuffer = NULL;

should become:

**(PVOID *)UserBuffer = NULL;

Or am I missing something?

hacksysteam commented 5 years ago

Hi @b3n7s

Thanks for the report. From the report, it seems you are right.

I'll investigate and push a fix if needed.

Thanks.

hacksysteam commented 5 years ago

This is a valid bug. Fixed locally. Will push it soon with HEVD v3.0

Thanks for the bug report. Much appreciated.

hacksysteam commented 5 years ago

Fixed with HEVD v3.00