CVE-2020-17382 PoC — MSI Ambient Link Driver 缓冲区错误漏洞

Source

https://github.com/houseofint3/CVE-2020-17382

Associated Vulnerability

Title:MSI Ambient Link Driver 缓冲区错误漏洞 (CVE-2020-17382)
Description:The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).

Description

CVE-2020-17382 Windows 10 x64 2004 Build 19041.264 Exploit

Readme

### CVE-2020-17382 Windows 10 x64 2004 Build 19041.264 Exploit

Kudos to [@matteomalvica](https://twitter.com/matteomalvica) for asking me so many questions about this vulnerability that forced me to write an exploit for him for the latest Windows 10 release 19041.264 without KVA Shadow (i.e. non Specter vulnerable CPUs) and without VBS. Trivial to adapt to older Windows versions (Matteo adapted it to 1709, check his blog [post](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/)).

On CPUs vulnerable to [CVE-2018-3620](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018) it becomes tricky because your ROP chain will grow considerably to make the PML4 executable, and you will end up overwriting stack cookies of the **ntoskrnl** function where you "want" to return.

Credits and original advisory here https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities

File Snapshot


 [4.0K]  /data/pocs/d744a1eefe40dc75adf6fae1e3a9f1259398bc73
├── [3.5K]  CVE-2020-17382.c
└── [ 951]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!