OverIT framework XSLT Injection and XXE – CVE-2022-22834 & CVE-2022-22835
During a penetration test activity, two vulnerabilities were discovered on a specific functionality called “Test Trasformazione xsl” whose purpose is to test the correct operation of the XSLT Java engine. This functionality is part of the set of tools available within the Geocall-Framework and it is not active by default. Advisory - CVE-2022-22834 OverIT projects based on the same Geocall-Framework at level...
Merry Hackmas: multiple vulnerabilities in MSI’s products
This blog post serves as an advisory for a couple MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with.All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual address user-space.Read/write Model-Specific Registers (MSRs)... Driver Buddy Reloaded
As part of Yarix's continuous security research journey, during this year I’ve spent a good amount of time reverse-engineering Windows drivers and exploiting kernel-mode related vulnerabilities. While in the past there were (as far as I know), at least two good IDA plugins aiding in the reverse engineering process: DriverBuddy of NCC Group. win_driver_plugin of F-Secure. unfortunately, nowadays, they are both rusty,...