Vendor: N/A
By: Google Security Research
CVSS: 8.8 (HIGH)
CWE: 416 (Use-after-Free)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2015

Bitmap object Use-after-Free #2

The attached PoC, a zip file, triggers a blue screen due to a use-after-free vulnerability in the Bitmap object. The exploit allows an attacker to write to arbitrary addresses, which can be used to execute arbitrary code.

Mitigation:

Special Pool can be used to get very reliable crashes; this is a way to reproduce the issue, not a fix.

Exploit-DB raw data:

Source: https://code.google.com/p/google-security-research/issues/detail?id=311

Bitmap object Use-after-Free #2

The attached PoC triggers a blue screen due to a use-after-free vulnerability. The crashes are unreliable; however, you can use Special Pool in order to get reliable crashes. The crashes indicate that it is possible to write to arbitrary addresses.

---
Please find the PoC and brief analysis for the issue attached. The analysis mentions how Special Pool can be used to get very reliable crashes; it should crash without Special Pool after a while as well.
--

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38265.zip