533 - win32k clipboard Bitmap use-after-free vulnerability - project-zero

Starred by 2 users

Status:	Fixed
Owner:	hawkes@google.com
Closed:	Dec 2015
Cc:	█ nils.som...@gmail.com project-...@google.com
MSRC-31227 Deadline-90 Finder-Nils CVE-2015-6173 Reported-2015-Sep-17 Product-Windows CCProjectZeroMembers Severity-High Vendor-Microsoft

win32k clipboard Bitmap use-after-free vulnerability

Project Member Reported by hawkes@google.com, Sep 17 2015

Back to list

Credit is to "Nils Sommer of bytegeist, working with Google Project Zero".

---
This PoC triggers a crash on Windows 7 32-bit with Special Pool enabled on win32k.sys. The kernel crashes due to a use-after-free condition with bitmaps in the clipboard.
---

Note that multiple PoC executions and simulated system activity may be required to trigger this issue.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

debugger.txt
70.9 KB View Download

poc7.cpp
1.1 KB Download

Project Member Comment 1 by hawkes@google.com, Dec 3 2015

Labels: MSRC-31227

Project Member Comment 2 by hawkes@google.com, Dec 5 2015

Labels: CVE-2015-6173

Project Member Comment 3 by scvitti@google.com, Dec 17 2015

Labels: -Restrict-View-Commit
Status: Fixed

► Sign in to add a comment