9 lines
No EOL
601 B
Text
9 lines
No EOL
601 B
Text
Source: https://code.google.com/p/google-security-research/issues/detail?id=510
|
|
|
|
The attached poc crashes 32-bit Windows 7 with a screen resolution of 1024x768 and 32bit color depth. The crash occurs during a memmove opperation while copying the cursor content from unmapped memory. This could potentially be used by an attacker to leak kernel memory.
|
|
|
|
When reproducing this issue in VMWare, it is necessary to remove VMWare tools. In QEMU the issue reproduces reliably.
|
|
---
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/38794.zip |