CVE-2020-17382 PoC — MSI Ambient Link Driver 缓冲区错误漏洞

Source

https://github.com/houseofint3/CVE-2020-17382

Associated Vulnerability

Title:MSI Ambient Link Driver 缓冲区错误漏洞 (CVE-2020-17382)
Description:Micro Star MSI Ambient Link Driver是中国台湾微星科技（Micro Star）公司的一款游戏驱动程序。 MSI Ambient Link Driver 1.0.0.8版本存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Description

CVE-2020-17382 Windows 10 x64 2004 Build 19041.264 Exploit

Readme

### CVE-2020-17382 Windows 10 x64 2004 Build 19041.264 Exploit

Kudos to [@matteomalvica](https://twitter.com/matteomalvica) for asking me so many questions about this vulnerability that forced me to write an exploit for him for the latest Windows 10 release 19041.264 without KVA Shadow (i.e. non Specter vulnerable CPUs) and without VBS. Trivial to adapt to older Windows versions (Matteo adapted it to 1709, check his blog [post](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/)).

On CPUs vulnerable to [CVE-2018-3620](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018) it becomes tricky because your ROP chain will grow considerably to make the PML4 executable, and you will end up overwriting stack cookies of the **ntoskrnl** function where you "want" to return.

Credits and original advisory here https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities

File Snapshot


 [4.0K]  /data/pocs/d744a1eefe40dc75adf6fae1e3a9f1259398bc73
├── [3.5K]  CVE-2020-17382.c
└── [ 951]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!