Channel: !pool @eax
Browsing latest articles
Browse All 8 View Live

MS10-073: Windows Class Handling Gone Wrong

In MS10-073, Microsoft addressed a privilege escalation vulnerability (CVE-2010-2744) in windows class data handling, affecting all supported versions of Windows. In this blog post, we will examine the...


CVE-2010-3941: Windows VDM Task Initialization Vulnerability

In MS10-098, Microsoft patched multiple vulnerabilities reported in win32k.sys that could be leveraged by a non-privileged user to gain elevated rights on a vulnerable system. One of the...


Kernel Pool Exploitation on Windows 7

As some of you already may have noticed, I’ll be speaking at Black Hat DC this year. The talk is titled Kernel Pool Exploitation on Windows 7 and covers the inner workings of the Windows 7 kernel pool...


Thread Desynchronization Issues in Windows Message Handling

This week, Microsoft issued MS11-012 to resolve yet another batch of vulnerabilities in win32k.sys. The bulletin addressed three elevation of privilege vulnerabilities in window class data handling...


Mitigating Null Pointer Exploitation on Windows

As part of a small research project, I recently looked into how exploitation of null pointer vulnerabilities could be mitigated on Windows. The problem with many of the recent vulnerabilities affecting...


Oracle VirtualBox Integer Overflow Vulnerabilities

In VirtualBox 4.0.10 and the Critical Patch Update for July 2011, Oracle addressed two vulnerabilities that could be leveraged by an attacker to gain elevated privileges in a Windows guest...


Windows Hooks of Death: Kernel Attacks through User-Mode Callbacks

At Black Hat USA 2011, I presented the research that led up to the 44 vulnerabilities addressed in MS11-034 and MS11-054. These vulnerabilities were indirectly introduced by the user-mode callback...


CVE-2012-0148: A Deep Dive Into AFD

This week, Microsoft addressed two vulnerabilities in the Ancillary Function Driver (AFD) that could allow non-privileged users to elevate their privileges to SYSTEM. In this blog entry, we look at one...
