Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)

EDB-ID:

38796


Type:

dos


Platform:

Windows

Date:

2015-11-23


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

Source: https://code.google.com/p/google-security-research/issues/detail?id=505

The attached testcase triggers a use-after-free condition in win32k. The attached debugger output was triggered on Windows 7 with Special Pool enabled on win32k.sys. 
---

Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38796.zip