vendor:
Windows 7
by:
Packet Storm Security
9,3
CVSS
HIGH
SYSRET vulnerability
119
CWE
Product Name: Windows 7
Affected Version From: Windows 7
Affected Version To: Windows 8.1
Patch Exists: YES
Related CWE: CVE-2012-0217
CPE: o:microsoft:windows_7::-:professional
Metasploit:
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-2934/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2012-2934/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2012-2934/, https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2012-0217/, https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2012-2934/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-0217/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2012-0217/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-aed44c4e-c067-11e1-b5e0-000c299b62e1/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0721/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2012-0217/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2012-0217/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012
Microsoft Windows kernel (Intel/x64) SYSRET vulnerability
This is proof of concept code that demonstrates the Microsoft Windows kernel (Intel/x64) SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM privileges to a specified application or already running process.
Mitigation:
Microsoft has released a patch for this vulnerability in MS12-042.
