Vendor: Project Zero
By: Project Zero
CVSS: 7,8 (HIGH)
Buffer Overflow
CWE: 120
Product Name: Project Zero
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 x64
2016

DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks

The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable-size input escape data, and relies on a user-provided size as the upper bound for writing output. To reproduce, compile the PoC as an x64 binary (requires linking with setupapi.lib, and the WDK for D3DKMTEscape), and run it. The PoC may require some changes to work, because the escape data must contain the right values (e.g. a field that appears to be the GPU bus device function).

Mitigation:

Input validation should be performed to ensure that the size of the input data is within the expected bounds.
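
The mitigation above, sketched as a bounds-checked handler in C. This is an added example, not code from the driver or from the PoC: the `escape_hdr` layout, its field names and `handle_escape` are hypothetical, since the page does not give the real escape data format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: the page does not give the real escape data format. */
typedef struct {
    uint32_t code;      /* escape code, 0x7000170 on this page */
    uint32_t in_count;  /* caller-supplied number of 4-byte input entries */
    uint32_t out_size;  /* caller-supplied size of the output area, in bytes */
} escape_hdr;

enum { ESC_BAD_SIZE = -1 };

/* buf_len is the real length of the escape buffer as handed to the handler;
 * every size field inside buf is only a claim until checked against it.
 * Returns the number of output bytes written, or ESC_BAD_SIZE. */
int handle_escape(uint8_t *buf, size_t buf_len)
{
    escape_hdr hdr;
    if (buf == NULL || buf_len < sizeof hdr)
        return ESC_BAD_SIZE;
    memcpy(&hdr, buf, sizeof hdr);            /* snapshot once, no re-reads */

    size_t avail = buf_len - sizeof hdr;
    if (hdr.in_count > avail / sizeof(uint32_t))   /* division cannot wrap */
        return ESC_BAD_SIZE;
    size_t in_bytes = (size_t)hdr.in_count * sizeof(uint32_t);

    /* The output area must fit in what is really left, and the bytes this
     * handler produces (one per entry) must fit in that output area. */
    if (hdr.out_size > avail - in_bytes || hdr.in_count > hdr.out_size)
        return ESC_BAD_SIZE;

    const uint8_t *in = buf + sizeof hdr;
    uint8_t *out = buf + sizeof hdr + in_bytes;
    for (uint32_t i = 0; i < hdr.in_count; i++) {
        uint32_t v;
        memcpy(&v, in + (size_t)i * sizeof v, sizeof v);
        out[i] = (uint8_t)(v & 0xff);         /* placeholder processing */
    }
    return (int)hdr.in_count;
}

int main(void)
{
    uint8_t buf[32] = {0};                    /* constructed sample input */
    escape_hdr h = { 0x7000170u, 2, 0x1000 }; /* out_size overstates the buffer */
    memcpy(buf, &h, sizeof h);
    printf("%d\n", handle_escape(buf, sizeof buf));
    return 0;
}
```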