Tag - LPE

Merry Hackmas: multiple vulnerabilities in MSI’s products

This blog post serves as an advisory for a couple of MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with. All the vulnerabilities are triggered by sending specific IOCTL requests and make it possible to: directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual...

Chaining Bugs: NVIDIA GeForce Experience (GFE) Command Execution

NVIDIA GeForce Experience (GFE) v.<= 3.21 is affected by an Arbitrary File Write vulnerability in the GameStream/ShadowPlay plugins, where log files are created using NT AUTHORITY\SYSTEM level permissions, which leads to Command Execution and Elevation of Privileges (EoP). NVIDIA Security Bulletin – April 2021. NVIDIA Acknowledgements Page. Introduction: Some time ago I was looking for file system misconfigurations on...

Exploiting System Mechanic Driver

Last month we (last & VoidSec) took the amazing Windows Kernel Exploitation Advanced course from Ashfaq Ansari (@HackSysTeam) at NULLCON. The course was very interesting and covered core kernel space concepts as well as advanced mitigation bypasses and exploitation. There was also a nice CTF and its last exercise was: “Write an exploit for System...