Closed hacksysteam closed 6 years ago
A nice variation of this is writing an uncontrolled kernel pointer where as in https://labs.bluefrostsecurity.de/publications/2016/01/07/exploiting-cve-2014-4113-on-windows-8.1/
@sam-b, could you elaborate it. The idea is the attacker has an opportunity to write NULL at arbitrary memory location. This is same as Write What Where in which Where = NULL
@sam-b, correction, What = NULL
@hacksysteam so this was a similar issue but the Where value was an unknown pointer to kernel memory, since the first two bytes of a kernel pointer will always be 0xFF it can be used to priv esc.
Implement
Write NULL Where
Vulnerability inHackSys Extreme Vulnerable Driver
.