Vendor: Windows 10
By: Siberas
CVSS: 7.8 (HIGH)
CWE: CWE-119 (Pool-based overflow)
Product Name: Windows 10
Affected Version From: Windows 10 x64 with Creators Update, build 15063.540
Affected Version To: Windows 10 x64 with Creators Update, build 15063.540
Patch Exists: Yes
Related CVE: CVE-2016-3309
CPE: o:microsoft:windows_10
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2017

Exploits for win32kfull!bFill vulnerability

Exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540 (latest version of Win10 before the release of Microsoft's September Updates). The Visual Studio solution contains three exploits: CVE-2016-3309_Reloaded_Bitmaps, CVE-2016-3309_Reloaded_Palettes and CVE-2016-3309_Reloaded_Deadlock.

Mitigation:

Microsoft released a patch for this vulnerability in September 2017.

Exploit-DB raw data:

Sources:
https://siberas.de/blog/2017/10/05/exploitation_case_study_wild_pool_overflow_CVE-2016-3309_reloaded.html
https://github.com/siberas/CVE-2016-3309_Reloaded

The Visual Studio solution contains three exploits:

CVE-2016-3309_Reloaded_Bitmaps: Exploit using the Bitmaps technique
CVE-2016-3309_Reloaded_Palettes: Exploit using the Palettes technique
CVE-2016-3309_Reloaded_Deadlock: PoC exploit showcasing the system deadlock that happens due to improved handle validation

We also published a blog post (https://siberas.de/blog/2017/10/05/exploitation_case_study_wild_pool_overflow_CVE-2016-3309_reloaded.html) which goes into detail about the exploitation of this "wild" Pool-based overflow.
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42960.zip