Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
| EKU-ID: 42669 | CVE: CVE-2015-2365;OSVDB-124588;MS15-073 | OSVDB-ID: |
| Author: Nils Sommer | Published: 2015-09-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 42669 | CVE: CVE-2015-2365;OSVDB-124588;MS15-073 | OSVDB-ID: |
| Author: Nils Sommer | Published: 2015-09-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Source: https://code.google.com/p/google-security-research/issues/detail?id=335 Freed memory is accessed after switching between two desktops of which one is closed. The testcase crashes with and without special pool enabled. The attached crash output is with special enabled on win32k.sys and ntoskrnl.sys. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38267.zip