From 3a72c13375847c97cefc4aa821029eecfc59df50 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Thu, 10 Aug 2017 05:01:21 +0000
Subject: [PATCH] DB: 2017-08-10

1 new exploits

Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
---
 files.csv | 1 +
 platforms/win_x86-64/local/42435.txt | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100755 platforms/win_x86-64/local/42435.txt

diff --git a/files.csv b/files.csv
index 9b7e00b1d..a3288d0d0 100644
--- a/files.csv
+++ b/files.csv
@@ -9176,6 +9176,7 @@ id,file,description,date,author,platform,type,port
 42426,platforms/windows/local/42426.txt,"VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation",2017-08-03,"Google Security Research",windows,local,0
 42429,platforms/windows/local/42429.py,"Microsoft Windows - '.LNK' Shortcut File Code Execution",2017-08-06,nixawk,windows,local,0
 42432,platforms/windows/local/42432.cpp,"Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)",2017-07-19,Saif,windows,local,0
+42435,platforms/win_x86-64/local/42435.txt,"Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)",2017-08-08,SensePost,win_x86-64,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
diff --git a/platforms/win_x86-64/local/42435.txt b/platforms/win_x86-64/local/42435.txt
new file mode 100755
index 000000000..b44d3192b
--- /dev/null
+++ b/platforms/win_x86-64/local/42435.txt
@@ -0,0 +1,14 @@
+Sources:
+- https://github.com/sensepost/gdi-palettes-exp
+- https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/
+
+Windows 7 SP1 x86 exploit presented at DEF CON 25 involving the abuse of a newly discovered GDI object abuse technique.
+
+DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects
+
+- https://www.defcon.org/html/defcon-25/dc-25-speakers.html#El-Sherei
+- https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/5A1F/
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42435.zip
\ No newline at end of file
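Review bot: The description line in the new 42435.txt ("Windows 7 SP1 x86 exploit presented at DEF CON 25 …") contradicts the metadata this same commit adds to files.csv, which records the entry as "Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)" on platform win_x86-64. The sentence and the gdi-palettes-exp source links read like the writeup for the existing 42432 entry (Windows 7 SP1 x86, MS17-017), so this may be a copy-paste carry-over; it is worth confirming with the submitter which target and bulletin the archived PoC actually covers, since anyone using the index to check patch coverage would otherwise be pointed at the wrong bulletin and architecture. If the CSV row is correct, the sentence should be rewritten to something like `Windows 8.1 x64 exploit (MS16-098, RGNOBJ integer overflow) presented at DEF CON 25, abusing a newly discovered GDI object technique.`; if the text is correct, the title, platform and date in files.csv need to change instead. The new file also ends without a trailing newline (`\ No newline at end of file`), which is harmless but inconsistent with the other text entries in the tree.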