CVE-2021-27965 PoC — Microsoft MSI Dragon Center 缓冲区错误漏洞

Source

https://github.com/Jeromeyoung/CVE-2021-27965

Associated Vulnerability

Title:Microsoft MSI Dragon Center 缓冲区错误漏洞 (CVE-2021-27965)
Description:MSI Dragon Center 2.0.98.0之前版本中的 MsIo64.sys驱动程序的1.1.19.1016之前版本中存在缓冲区错误漏洞，该漏洞允许通过一个精巧的请求进行权限升级。

Description

Proof of concept for CVE-2021-27965 (Stack-based Buffer Overflow)

Readme

# CVE-2021-27965
 Proof of concept for CVE-2021-27965 (Stack-based Buffer Overflow)

NOTE: I probably will not update this any further (there is still a chance I will finish it). I currently have the ability to cleanly overwrite the instruction pointer, but I believe that this is enough to prove I have the skill required to at least exploit a easy, but real-world kernel device driver. I will research the other CVE-2021-27965 exploit on tips on fixing this.

The reason why I didn't finish it? I have to use a specific token-stealing shellcode to prevent crashing, which would require me to re-write most of the exploit (which, I do not want to do).

File Snapshot


 [4.0K]  /data/pocs/93a28f115197449b284ca7b12d1091e58586fffc
├── [4.0K]  CVE-2021-27965
│   ├── [2.8K]  CVE-2021-27965.c
│   ├── [ 462]  CVE-2021-27965.h
│   ├── [1.4K]  CVE-2021-27965.sln
│   ├── [7.0K]  CVE-2021-27965.vcxproj
│   └── [1.1K]  CVE-2021-27965.vcxproj.filters
└── [ 653]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!