Windows kernel null pointer dereference in win32k!OffsetChildren

GoogleCodeExporter commented 8 years ago

Credit is to "Nils Sommer of bytegeist, working with Google Project Zero".

---
The attached PoC triggers a null pointer vulnerability in OffsetChildren on 
Windows 7 32-bit. By mapping the null page an attacker can leverage this 
vulnerability to write to an arbitrary address.

---

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by haw...@google.com on 23 Sep 2015 at 6:38

Attachments:

GoogleCodeExporter commented 8 years ago

Original comment by haw...@google.com on 23 Sep 2015 at 7:38

Added labels: MSRC-31280

GoogleCodeExporter commented 8 years ago

Original comment by haw...@google.com on 5 Dec 2015 at 12:22

Added labels: CVE-2015-6171

GoogleCodeExporter commented 8 years ago

Original comment by scvi...@google.com on 17 Dec 2015 at 5:57

Changed state: Fixed
Removed labels: Restrict-View-Commit

xti9er / google-security-research

Windows kernel null pointer dereference in win32k!OffsetChildren #544