Windows kernel: pool buffer overflow drawing caption bar

Reported by cevans@google.com, Apr 8 2015
Credit is to "Nils Sommer of bytegeist, working with Google Project Zero". I managed to get a blue screen easily (Win 7 32-bit) but had to use the bruteforce Python script, perhaps because my VM resolution is 800x600. Note that the Python script is Python 3 syntax.

---

The PoC triggers a crash due to a pool buffer overflow while drawing the caption bar of a window. The trigger depends on the current window layout and resolution. The PoC takes an offset on the command line to be able to test with different values; I tested this on two different Win7 32-bit VMs and had success with 0 and 475000 (resolution was 1024x768 and 1280x1024). A bruteforce Python script is also attached which should trigger a crash fairly quickly.

Use as follows:

    cl.exe bug321.cpp user32.lib
    bug321.exe 0

---

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
Comment 1 by cevans@google.com, Apr 8 2015, Jun 4 2015, Jun 9 2015, Sep 21 2015