Posts Tagged ‘microsoft’

Microsoft Windows LNK File Code Execution

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the […]

Microsoft Edge Chakra JIT Failed RegexHelper::StringReplace Call

The “String.prototype.replace” method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating “ImplicitCallFlags”. But “RegexHelper::StringReplace” calls the replace function without updating the flag. Therefore it fails to detect if a user function was called. Source: Microsoft Edge Chakra JIT […]

Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass

The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard). Source: Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass

Microsoft Windows 10 x64 RS2 win32kfull!bFill Overflow

This is a collection of exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540 (latest version of Win10 before the release of Microsoft’s September Updates). Source: Microsoft Windows 10 […]