CVE-2018-19320 PoC — 多款GIGABYTE产品访问控制错误漏洞

Source

https://github.com/ASkyeye/CVE-2018-19320

Associated Vulnerability

Title:多款GIGABYTE产品访问控制错误漏洞 (CVE-2018-19320)
Description:GIGABYTE APP Center等都是中国技嘉科技（GIGABYTE Technology）公司的产品。GIGABYTE APP Center是一款用于管理、更新技嘉产品工具程序的软件。AORUS GRAPHICS ENGINE是一款显卡超频软件。多款GIGABYTE产品中的GDrv低级别驱动程序存在安全漏洞。攻击者可利用该漏洞完全控制受影响的系统。以下产品和版本受到影响：GIGABYTE APP Center 1.05.21及之前版本；AORUS GRAPHICS ENGINE 1.33及之前版

Description

Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)

Readme

# CVE-2018-19320

Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE) as documented here: http://deniable.org/windows/windows-callbacks

### References

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19320
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities

File Snapshot


 [4.0K]  /data/pocs/f5c8dfba467d7b23d24d88d60b0e85237745c471
├── [4.0K]  Gigabyte_CI
│   ├── [4.0K]  Gigabyte_CI
│   │   ├── [7.8K]  Gigabyte_CI.cpp
│   │   ├── [8.4K]  Gigabyte_CI.vcxproj
│   │   ├── [1.2K]  Gigabyte_CI.vcxproj.filters
│   │   ├── [ 165]  Gigabyte_CI.vcxproj.user
│   │   ├── [ 598]  stdafx.cpp
│   │   ├── [3.4K]  stdafx.h
│   │   └── [ 630]  targetver.h
│   └── [1.4K]  Gigabyte_CI.sln
└── [ 347]  README.md

2 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!