Nytro Posted October 1, 2015

Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)

Source: https://code.google.com/p/google-security-research/issues/detail?id=474

---

The attached PoC triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliably on Win 7 32-bit with Special Pool enabled on win32k.sys.

---

Proof of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38307.zip

Source: https://www.exploit-db.com/exploits/38307/
Psiho Posted October 1, 2015

It's at least 6 months old. It has only now come to light, but it has been circulating on the black market for some time. I think that guy bought the exploit and published it; I don't think he made it himself.
Nytro Posted October 1, 2015

I don't think Nils is the kind of person who would buy something like that. But I do think he's the kind of person who would find something like that.
Che Posted October 1, 2015

"I don't think Nils is the kind of person who would buy something like that. But I do think he's the kind of person who would find something like that."

https://www.exploit-db.com/author/?a=8268

I see he has a whole bunch published, and 90% of them are dated 22.09.2015 and the rest 24.09.2015, all in the Windows kernel. I think he studies the kernel to see what he can find; he must be doing some kind of fuzzing, or how else does he find so many in such a short time?
Nytro Posted October 1, 2015

He probably uses a fuzzer, but he didn't discover them all in 2 days. They were discovered over a long period, for example a year. On exploit-db he (or someone else) submitted them in bulk during that period, which is why they show up then. The Project Zero issues probably show more precise dates.
neox Posted October 2, 2015

Most exploits of this kind are found over a longer period. For example, if the guy works at an IT company, he uses the exploit for demos (internal training or paid training) and then makes it public.