A New CVE-2015-0057 Exploit Technology
asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology
asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
The Old-school Kernel Attack Surface<br />
<strong>Exploit</strong> Code<br />
3<br />
DestroyWindow(ScrollHandle)<br />
5<br />
Allocate Object<br />
2<br />
Ring-3<br />
User Mode Callback<br />
Callback Return<br />
Ring-0<br />
4 RtlpFreeHeap<br />
Win32k.sys<br />
Desktop Heap<br />
xxxEnableWndSBArrows<br />
1<br />
tagSBINFO<br />
<strong>New</strong> Object<br />
6<br />
7<br />
xxxEnableWndSBArrows<br />
Use-After-Free<br />
chunk #02<br />
chunk #02<br />
chunk #02<br />
chunk #03<br />
chunk #03<br />
chunk #03<br />
…….. …….. ……..