CVE-2019-18845 PoC — Patriot Viper RGB Security Vulnerability

Source
Associated Vulnerability
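Title: Patriot Viper RGB Security Vulnerability (CVE-2019-18845)
Description: Patriot Viper RGB is a memory module device from Patriot, a company from Taiwan, China. The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB versions before 1.1 contain a security vulnerability. A local attacker can exploit this vulnerability to read and write memory at arbitrary locations, and thereby gain NT AUTHORITY\SYSTEM privileges.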
Description
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
Readme
# CVE-2019-18845
 The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

 To be honest, I really do not want to figure out how the arbitrary physical memory read/write primitive works. Yes, I am lazy, but I will be coming back to this after I read some more papers.
File Snapshot

[4.0K] /data/pocs/cdf80a6809a23e741524538b3e3459ba10e0c724
├── [4.0K] CVE-2019-18845
│   ├── [1.4K] CVE-2019-18845.sln
│   ├── [7.0K] CVE-2019-18845.vcxproj
│   ├── [1.0K] CVE-2019-18845.vcxproj.filters
│   ├── [1.4K] exploit.c
│   └── [ 401] exploit.h
└── [ 540] README.md

1 directory, 6 files