Just a short (almost copy-pasted from j00ru's blog) post with the original advisories of the vulnerabilities we've talked about on CONFidence (and earlier on Hack In The Box Dubai), with slides used by as on the CONFidence conference. The advisories contain most of the technical details we've discussed during the lectures (and some time even more ;>).
A bundle with all the advisories can be downloaded here (864 kB).
If you prefer to download/open single advisories:
* Windows CSRSS Local Privilege Elevation Vulnerability (CVE-2010-0023)
* Windows Kernel Null Pointer Vulnerability (CVE-2010-0234)
* Windows Kernel Symbolic Link Value Vulnerability (CVE-2010-0235)
* Windows Kernel Memory Allocation Vulnerability (CVE-2010-0236)
* Windows Kernel Symbolic link Creation Vulnerability (CVE-2010-0237)
* Windows Kernel Symbolic link Creation Vulnerability (CVE-2010-0237; same as above, Microsoft merged these two into one)
* Windows Kernel Registry Key Vulnerability (CVE-2010-0238)
The slides presented during our lecture can be found here (1.6 MB).
Take care and have fun reading the above :)
Sections
- lang:
| 
- RSS: |
- About me
- Tools
- → YT YouTube (EN)
- → D Discord
- → M Mastodon
- → T Twitter
- → GH GitHub
Links / Blogs
- → dragonsector.pl
- → vexillium.org
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- xz/liblzma: Bash-stage Obfuscation Explained,
- Two of my bookmarklets: image extraction and simple TTS,
- Paged Out! #3 is out,
- My howto script,
- Talk: PCI Express to Hell,
- Live: On Leaving Google and What's Next,
- Thoughts on overlarge fields in formats and protocols,
- On self-healing code and the obvious issue,
- LLM + Clean Room: Will LLMs be the death of code copyrights?,
- Solving a VM-based CTF challenge without solving it properly,
- → see all posts on main page
Comments:
Firstly, Thank you so much for your Kernel Research.
I'm from China(Mainland). And I am teaching OS Course in a University. I need a Exe file(encrypted or unencrypted) of PoC to demonstrate on my course.
PoC of Windows Kernel Symbolic Link Value Vulnerability (CVE-2010-0235) or Windows Kernel Memory Allocation Vulnerability (CVE-2010-0236).
Thank you so much. 再次感谢。
My Email:tlove111@163.com
Hi :)
I'm afraid we've decided not to publish the PoC exploits at this moment, sorry ;<
Take care!
You could encrypt the Exe with VM. I only need a Exe to demonstrate. Because I'm not familiar with Kernel Exploit.
The Vulnerability has been disclosed for over Two months.
Thank you so much
My Email:tlove111@163.com
Hi,
I'm really sorry, but as I've said, the PoC exploits will not be published yet.
If you want to demonstrate a kernel exploit, you can always use Tavis Ormandy's ntvdm exploit, that he released in January (I think you can find the advisory on bugtraq/full disclosure lists; the adv. has a link to PoC if I remember correctly).
Take care!
Add a comment: