CVE-2011-1237 PoC — Microsoft Windows多个平台内核模式驱动程序Win32k释放后使用漏洞

Source

https://github.com/BrunoPujos/CVE-2011-1237

Associated Vulnerability

Title:Microsoft Windows多个平台内核模式驱动程序Win32k释放后使用漏洞 (CVE-2011-1237)
Description:Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。由于Windows内核模式驱动程序管理内核模式驱动程序对象的方式，因此存在特权提升漏洞。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。

Description

POC for exploit of CVE-2011-1237

Readme

## CVE-2011-1237

This is an old POC for CVE-2011-1237 on Windows 7 written in 2013. The
vulnerability was discovered by Tarjei Mandt ([@kernelpool](https://twitter.com/kernelpool))
and explain in his paper [Kernel Attacks through User-Mode Callbacks](https://media.blackhat.com/bh-us-11/Mandt/BH_US_11_Mandt_win32k_WP.pdf).

Several things are hardcoded in this POC and it call the Null page which does
not work anymore. The exploit is describe in my talk
[A Look into the Windows Kernel](https://lse.epita.fr/lse-summer-week-2013/slides/lse-summer-week-2013-26-Bruno%20Pujos-A%20Look%20into%20the%20Windows%20Kernel.pdf).

The only thing the shellcode does is trigger a breakpoint.

File Snapshot


 [4.0K]  /data/pocs/d127ecdb8de8fff646806bbc8bc56275c1093615
├── [ 14K]  cve.cpp
└── [ 684]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!