Windows Kernel 64-bit pool memory... CVE-2018-0900 CNNVD-201803-502

1.9 AV AC AU C I A
Published: 2018-03-14
Revised: 2018-04-05

We have discovered a Windows kernel memory disclosure vulnerability through the contents of "FilteredConfigVector" registry values (of type REG_RESOURCE_REQUIREMENTS_LIST), which can be found under HKLM\SYSTEM\CurrentControlSet\Enum\ACPI\*\*\Control\FilteredConfigVector. The vulnerability affects 64-bit versions of Windows 7 to 10.

The leak was originally detected under the following stack trace (Windows 7):

```
 # RetAddr
00 fffff800`0295c064 nt!memcpy+0x3
01 fffff800`02970c81 nt!CmpQueryKeyValueData+0x3ae
02 fffff800`02971237 nt!CmEnumerateValueKey+0x211
03 fffff800`0268d093 nt!NtEnumerateValueKey+0x256
04 00000000`772abe6a nt!KiSystemServiceCopyEnd+0x13
```

and more specifically in the copying of the CM_RESOURCE_LIST structure:

```
kd> db rdx rdx+r8-1
fffff8a0`049d5314  a8 00 00 00 0f 00 00 00-00 00 00 00 00 00 00 00  ................
fffff8a0`049d5324  aa aa aa aa aa aa aa aa-aa aa aa aa 01 00 00 00  ................
fffff8a0`049d5334  01 00 01 00 04 00 00 00-01 80 03 00 00 00 00 00...
```

There is currently 1 exploit/PoC entry.
There are currently 14 affected product entries.