Posts on Beyond the Security Theater

Write access violation in Windows GDI DocumentEvent

TL;DR
A denial of service vulnerability exists when Windows GDI improperly handles objects in memory. Processing a specially crafted picture may trigger a write access violation exception when the device context is associated with a printer.

Description
While looking into old vulnerabilities related to GDI+ I have encountered a write access violation similar to CVE-2016-0169 and CVE-2016-0170. Calling PlayEnhMetaFile() with a printer device and a specially crafted EMF file may lead to memory corruption triggered by the PROXYPORT::DocumentEvent() function.

NULL pointer dereference in Windows GDI bParseWin32MetaFile

TL;DR
A denial of service vulnerability exists when Windows GDI improperly handles objects in memory. Converting a specially crafted EMF file to a WMF may trigger a read access violation due to a NULL pointer dereference and could allow denial of service.

Description
It seems that calling the Metafile::EmfToWmfBits() method on a specially crafted EMF file may lead to memory corruption triggered by bGetNextRecord() called by the bParseWin32Metafile() function. The below is the relevant excerpt of the crash analysis from WinDbg:

How to mitigate symbolic link attacks on Windows?

5 December 2020 at 21:00
TL;DR
SymlinkProtect is a custom minifilter driver for Windows written in C++. It is loaded into the file system driver stack as a filter driver. This allows it to monitor user-mode applications and block malicious attempts to set a reparse point on a directory creating a mount point to some suspicious targets like \RPC Control.

Motivation
Microsoft have recently added hard link mitigation to Windows and they are also actively working on mitigations for other attacks involving file path redirection through junctions or mount points.

Out-of-bounds read information disclosure vulnerability in Microsoft Windows GDI+ EMR_SETDIBITSTODEVICE record

9 September 2021 at 18:51
An information disclosure vulnerability (CVE-2022-21904) exists when the Windows GDI+ component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Out-of-bounds read information disclosure vulnerability in Microsoft Windows GDI+ EMR_STRETCHDIBITS record

29 September 2021 at 14:00
An information disclosure vulnerability (CVE-2022-21915) exists when the Windows GDI+ component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Out-of-bounds read information disclosure vulnerability in Microsoft Windows GDI+ EMR_BITBLT record

26 November 2021 at 09:36
An information disclosure vulnerability (CVE-2022-29112) exists when the Windows GDI+ component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Out-of-bounds read information disclosure vulnerability in Microsoft Windows GDI+ EMR_CREATEDIBPATTERNBRUSHPT record

28 December 2021 at 22:18
An information disclosure vulnerability (CVE-2022-26934) exists when the Windows GDI+ component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Arbitrary read information disclosure vulnerability in Microsoft Windows GDI+ EMR_STARTDOC record

An information disclosure vulnerability (CVE-2022-35837) exists when the Windows GDI+ component improperly discloses memory information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Out-of-bounds read information disclosure vulnerability in Microsoft Windows GDI+ EMR_SETPIXELV record

An information disclosure vulnerability (CVE-2022-34728) exists when the Windows GDI+ component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Out-of-bounds read information disclosure vulnerability in Microsoft Windows GDI+ EMR_STRETCHDIBITS record (again)

An information disclosure vulnerability (CVE-2022-38006) exists when the Windows GDI+ component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.