[REVS] Exploiting Windows Device Drivers
From: SecuriTeam (support_at_securiteam.com)
Date: 10/17/05
- Previous message: SecuriTeam: "[NT] GFI MailSecurity Web Module Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 17 Oct 2005 09:59:38 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Exploiting Windows Device Drivers
------------------------------------------------------------------------
SUMMARY
Presented here is a whitepaper on exploiting Windows device drivers, with
a step-by-step explanation on how to exploit the vulnerability and get a
shellcode running.
DETAILS
Introduction:
Device driver vulnerabilities are increasingly becoming a major threat to
the security of Windows and other operating systems. It is a relatively
new area, thus very few technical papers covering this subject are
available. To the author's knowledge, the first windows device driver
attack was presented by SEC-LABS team in the "Win32 Device Drivers
Communication Vulnerabilities" whitepaper.
This publication presented useful technique of drivers exploitation and
layed a ground for further research. Second publication surely worth to
mention is the article by Barnaby Jack, titled "Remote Windows Kernel
Exploitation Step into the Ring 0".
Due to lack of technical paper on the discussed subject, Piotr Bania
decided to share results of his own research. In this paper a device
driver exploitation technique will be introduced, provide detailed
description of techniques used and include full exploit code with sample
vulnerable driver code for tests.
The reader should be familiar with IA-32 assembly and have previous
experience with software vulnerability exploitation. Plus, it is highly
recommended to read the two previously mentioned whitepapers.
ADDITIONAL INFORMATION
The original article can be found at:
<http://pb.specialised.info/all/articles/ewdd.pdf>
http://pb.specialised.info/all/articles/ewdd.pdf
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] GFI MailSecurity Web Module Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
