Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)

EDB-ID: 38268

Type: dos

Platform: Windows_x86

Date: 2015-09-22



Source: https://code.google.com/p/google-security-research/issues/detail?id=321

The PoC triggers a crash due to a pool buffer overflow while drawing the caption bar of a window. The trigger depends on the current window layout and resolution. The PoC takes an offset on the command line to be able to test with different values; I tested this on two different Win7 32-bit VMs and had success with 0 and 475000 (resolution was 1024x768 and 1280x1024). A bruteforce Python script is also attached which should trigger a crash fairly quickly.

Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38268.zip