Tag - EoP

Merry Hackmas: multiple vulnerabilities in MSI’s products

This blog post serves as an advisory for a couple MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with.All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a...

Chaining Bugs: NVIDIA GeForce Experience (GFE) Command Execution

NVIDIA GeForce Experience (GFE) v.<= 3.21 is affected by an Arbitrary File Write vulnerability in the GameStream/ShadowPlay plugins, where log files are created using NT AUTHORITY\SYSTEM level permissions, which lead to Command Execution and Elevation of Privileges (EoP).NVIDIA Security Bulletin – April 2021NVIDIA Acknowledgements PageIntroductionSome time ago I was looking for file system misconfigurations...