header-logo
Suggest Exploit
vendor:
Windows 7
by:
Project Zero
8,8
CVSS
HIGH
Win32k.sys Special Pool
119
CWE
Product Name: Windows 7
Affected Version From: Windows 7
Affected Version To: Windows 7
Patch Exists: YES
Related CWE: CVE-2017-8625
CPE: o:microsoft:windows_7
Metasploit: https://www.rapid7.com/db/vulnerabilities/msft-cve-2017-8625/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2017

Win32k.sys Special Pool

The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggered in multiple different ways, such as by calling NtGdiGetTextMetricsW with a NULL pointer, or by calling NtGdiGetTextExtentExW with a NULL pointer.

Mitigation:

Microsoft released a patch to address this vulnerability.
Source

Exploit-DB raw data:

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=686

​The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways (two examples attached).


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39647.zip

Navigation

Suggest Exploit

Services By CQR