Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)

EDB-ID:

38268

Type:

dos

Platform:

Windows_x86

Published:

2015-09-22

Source: https://code.google.com/p/google-security-research/issues/detail?id=321

The PoC triggers a crashes due to a pool buffer overflow while drawing the caption bar of window.  The trigger depends on the current window layout and resolution. The PoC takes an offset on the command line to be able to test with different values, I tested this on two different Win7 32-bit VM's and had success with 0 and 475000 (Resolution was 1024x768 and 1280x1024). A bruteforce Python script is also attached which should trigger a crash fairly quickly.

Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38268.zip