
CVE-2011-1237 PoC: Microsoft Windows kernel-mode driver (Win32k) use-after-free vulnerability on multiple platforms

Associated Vulnerability
Title: Microsoft Windows kernel-mode driver (Win32k) use-after-free vulnerability on multiple platforms (CVE-2011-1237)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Description
POC for exploit of CVE-2011-1237
Readme
## CVE-2011-1237

This is an old PoC for CVE-2011-1237 on Windows 7, written in 2013. The
vulnerability was discovered by Tarjei Mandt ([@kernelpool](https://twitter.com/kernelpool))
and is explained in his paper [Kernel Attacks through User-Mode Callbacks](https://media.blackhat.com/bh-us-11/Mandt/BH_US_11_Mandt_win32k_WP.pdf).
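The bug class that paper describes, as an added illustration that is not part of this README, of the PoC, or of win32k itself: a kernel routine keeps a raw pointer to an object across a callback into user mode, and the user-mode callback drops the object's last reference, so the kernel continues with a dangling pointer. The object type, the static pool, the callbacks and the reference-count fix below are all constructed for the example and do not model any real win32k structure.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of "object freed from a user-mode callback".
 * Not win32k code and not the PoC: every type and function here is an
 * assumption made for illustration only.
 */

typedef struct kobj {
    int  refcount;   /* outstanding references */
    int  destroyed;  /* 1 once the last reference has been dropped */
    char name[16];
} kobj;

/* A tiny static pool stands in for the kernel pool so that a freed
 * object stays inspectable; a real kernel would reuse the memory. */
#define POOL_SIZE 8
static kobj pool[POOL_SIZE];
static int  pool_used;

kobj *kobj_create(const char *name)
{
    if (pool_used >= POOL_SIZE)
        return NULL;
    kobj *o = &pool[pool_used++];
    o->refcount  = 1;                 /* the creator's reference */
    o->destroyed = 0;
    strncpy(o->name, name, sizeof o->name - 1);
    o->name[sizeof o->name - 1] = '\0';
    return o;
}

void kobj_release(kobj *o)
{
    if (o->refcount > 0 && --o->refcount == 0)
        o->destroyed = 1;             /* simulated free */
}

typedef void (*user_callback)(kobj *o);

/* Vulnerable pattern: `o` is used after the callback returns without any
 * reference held, so a callback that frees it leaves a dangling use.
 * Returns 0 on a valid use, -1 when the object was already freed. */
int vulnerable_dispatch(kobj *o, user_callback cb)
{
    cb(o);                            /* control transfers to user mode */
    if (o->destroyed)                 /* real code would touch freed memory here */
        return -1;
    return 0;
}

/* Hardened pattern: take a reference before calling out and drop it after
 * the last use. The callback may still release the creator's reference,
 * but the object stays alive until this routine is done with it. */
int hardened_dispatch(kobj *o, user_callback cb)
{
    int rc;
    o->refcount++;                    /* pin the object across the callback */
    cb(o);
    rc = o->destroyed ? -1 : 0;       /* our reference keeps it valid here */
    kobj_release(o);                  /* may free now, after the last use */
    return rc;
}

/* Constructed "malicious" user-mode callback: drops the creator's reference. */
void freeing_callback(kobj *o)
{
    kobj_release(o);
}

/* Constructed benign callback that leaves the object's lifetime alone. */
void benign_callback(kobj *o)
{
    (void)o;
}

int main(void)
{
    kobj *a = kobj_create("window");
    kobj *b = kobj_create("window");
    printf("vulnerable: %d (-1 = use after free)\n",
           vulnerable_dispatch(a, freeing_callback));
    printf("hardened:   %d, destroyed afterwards=%d\n",
           hardened_dispatch(b, freeing_callback), b->destroyed);
    return 0;
}
```

The point of the hardened variant is not the extra check on `destroyed` (real freed memory offers no such flag) but that the routine owns a reference for the whole window in which it touches the object; the free the callback requests is merely deferred until that reference is dropped.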

Several things are hardcoded in this PoC, and it relies on mapping the null page, which
newer Windows versions no longer allow. The exploit is described in my talk
[A Look into the Windows Kernel](https://lse.epita.fr/lse-summer-week-2013/slides/lse-summer-week-2013-26-Bruno%20Pujos-A%20Look%20into%20the%20Windows%20Kernel.pdf).

The only thing the shellcode does is trigger a breakpoint.