CVE-2020-12446

Published: 29/04/2020 Updated: 21/07/2021
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The ene.sys driver in G.SKILL Trident Z Lighting Control up to and including 1.00.08 exposes three capabilities to local non-privileged users: mapping and unmapping of physical memory, reading and writing of Model Specific Registers (MSRs), and input from and output to I/O ports. This leads to privilege escalation to NT AUTHORITY\SYSTEM.

Vulnerable Product

gskill trident z lighting control

Github Repositories

x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration

anycall
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
Read: wwwgodeyeclub/2021/05/14/001-x64-windows-kernel-code-execution-via-userhtml
How it works
Allocate physical memory to user virtual memory
Allows user-process to manipulate arbitrary physical memory without calling APIs
Search entire physical memory

Windows kernel rootkit for the highschool's cyber track

Mark
⚠️ This project is incredibly buggy, unstable, and will probably BSoD for you
About
An amazingly bad Windows kernel rootkit, built as a final project for the Cyber track in my highschool
Flow
The rootkit loads itself via DriverLoader.exe, which utilizes CVE-2020-12446: an arbitrary physical r/w vulnerability in ene.sys
We first convert the physical r/w to virtual