Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)

EDB-ID:

38265

Type:

dos

Platform:

Windows_x86

Published:

2015-09-22

Source: https://code.google.com/p/google-security-research/issues/detail?id=311

Bitmap object Use-after-Free #2

The attached PoC triggers a blue screen due to a use after free vulnerability. The crashes are unreliable, however you can use Special Pool in order to get reliable crashes. The crashes indicate that it is possible to write to arbitrary addresses.

---
please find the PoC and brief analysis for the issue attached. The analysis mentions how Special Pool can be used to get very reliable crashes, it should crash without Special Pool after a while as well. 
--

Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38265.zip