POC详情: d744a1eefe40dc75adf6fae1e3a9f1259398bc73

来源
关联漏洞
标题: MSI Ambient Link Driver 缓冲区错误漏洞 (CVE-2020-17382)
描述:Micro Star MSI Ambient Link Driver是中国台湾微星科技(Micro Star)公司的一款游戏驱动程序。 MSI Ambient Link Driver 1.0.0.8版本存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
描述
CVE-2020-17382 Windows 10 x64 2004 Build 19041.264 Exploit
介绍
### CVE-2020-17382 Windows 10 x64 2004 Build 19041.264 Exploit

Kudos to [@matteomalvica](https://twitter.com/matteomalvica) for asking me so many questions about this vulnerability that forced me to write an exploit for him for the latest Windows 10 release 19041.264 without KVA Shadow (i.e. non Specter vulnerable CPUs) and without VBS. Trivial to adapt to older Windows versions (Matteo adapted it to 1709, check his blog [post](https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/)).

On CPUs vulnerable to [CVE-2018-3620](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018) it becomes tricky because your ROP chain will grow considerably to make the PML4 executable, and you will end up overwriting stack cookies of the **ntoskrnl** function where you "want" to return.

Credits and original advisory here https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities
文件快照

[4.0K] /data/pocs/d744a1eefe40dc75adf6fae1e3a9f1259398bc73 ├── [3.5K] CVE-2020-17382.c └── [ 951] README.md 0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。