关联漏洞
标题:MSI Ambient Link Driver 缓冲区错误漏洞 (CVE-2020-17382)Description:Micro Star MSI Ambient Link Driver是中国台湾微星科技(Micro Star)公司的一款游戏驱动程序。 MSI Ambient Link Driver 1.0.0.8版本存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
介绍
### CVE-2020-17382 Windows 10 x64 2004 Build 19041.264 Exploit
Kudos to [@matteomalvica](https://twitter.com/matteomalvica) for asking me so many questions about this vulnerability that forced me to write an exploit for him for the latest Windows 10 release 19041.264 without KVA Shadow (i.e. non Specter vulnerable CPUs) and without VBS. Trivial to adapt to older Windows versions (Matteo adapted it to 1709, check his blog [post](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/)).
On CPUs vulnerable to [CVE-2018-3620](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018) it becomes tricky because your ROP chain will grow considerably to make the PML4 executable, and you will end up overwriting stack cookies of the **ntoskrnl** function where you "want" to return.
Credits and original advisory here https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities
文件快照
[4.0K] /data/pocs/238a38a0033f3e2983903aae91b611d6a7d7626a
├── [3.5K] CVE-2020-17382.c
└── [ 951] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →