em Posted May 24, 2013 (edited)

A Google security engineer has not only discovered a Windows zero-day flaw, but has also stated that Microsoft has a knack of treating outside researchers with great hostility.

Tavis Ormandy, a Google security engineer, exposed the flaw on Full Disclosure, that could be used to crash PCs or gain additional access rights. The issue is less critical than other flaws as it's not a remotely exploitable one.

Ormandy said on Full Disclosure, "I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation."

He's been working on it for months, and according to a later post, he has now a working exploit that "grants SYSTEM on all currently supported versions of Windows."

"I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools," Ormandy adds.

Source: here

I found the piece of text in quotation marks here, in the comments. I assume it's not fake, but we don't have a source.

Further reading: http://seclists.org/fulldisclosure/2013/May/111

And a demo code that is reportedly incomplete.

Edited May 24, 2013 by em
1337 Posted May 24, 2013

# # ms12-020 "chinese shit" PoC # # tested on winsp3 spanish, from localhost - Pastebin.com

Private Paste - Pastie
Nytro Posted May 24, 2013

https://rstforums.com/forum/69673-win32k-epathobj-pprflattenrec-uninitialized-next-pointer-testcase.rst