Vendor: HitmanPro
By: Tarjei Mandt
CVSS: 7.8 (HIGH)
CWE: 119 (Kernel Pool Buffer Overflow)
Product Name: HitmanPro
Affected Version From: HitmanPro 3.7.9
Affected Version To: HitmanPro 3.7.9
Patch Exists: YES
Related CWE: CVE-2017-6008
CPE: a:surfright:hitmanpro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7, Windows 10
Year: 2017

Exploit-CVE-2017-6008

CVE-2017-6008 is a kernel pool buffer overflow in HitmanPro that allows privilege escalation. The exploits here use the Quota Process Pointer Overwrite attack described in Tarjei Mandt's paper, together with the author's Pool sprayer library. A detailed write-up of the Windows 7 exploit is available at https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/. The Windows 10 version relies on a second vulnerability in the hitmanpro37.sys driver, an out-of-bounds read, to leak the pool cookie; with the cookie known, the same attack works on Windows 10. A detailed write-up of the Windows 10 exploit is announced as coming soon at https://trackwatch.com/.

Mitigation:

The vendor has released a patch to address this vulnerability.

Exploit-DB raw data:

Exploit-CVE-2017-6008

CVE-2017-6008 is a vulnerability in the HitmanPro scan that allows privilege escalation by exploiting a kernel pool buffer overflow. The exploits here use the Quota Process Pointer Overwrite attack as described in Tarjei Mandt's paper.

Also, the exploits use my Pool sprayer library.

You can find a detailed paper on the Windows 7 exploit here: 
https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/

Windows 10 version

This version uses another vulnerability in the hitmanpro37.sys driver, an Out-Of-Bounds read, which we use to leak the Pool Cookie. This leak allows us to use the very same attack on Windows 10.

You can find a detailed paper of the exploit on Windows 10 here (coming soon):
https://trackwatch.com/


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43057.zip