| Titolo | Wise System Monitor, WiseHDInfo64.dll, Arbitrary Kernel Execution |
|---|
| Descrizione | Version: Wise System Monitor x.x.x.x, WiseHDInfo64.dll x.x.x.x, DoS
http://www.wisecleaner.com/wise-system-monitor.html
Impact: Arbitrary Kernel Execution
Description: From IoControlCode 0x9C402088, a normal user can call __writemsr, which can lead to arbitrary kernel execution.
Reproduce: In the attached file ArbitraryKernelExecution.zip, there are writemsr.exe, writemsr.cpp, ArbitraryKernelExecution.cpp, WSMSetup_1.5.3.127.exe, and WiseHDInfo64.dll(which in fact a .sys). writemsr.exe is the PoC to cause DoS where WSMSetup_1.5.3.127.exe which contains the vulnerable driver WiseHDInfo64.dll is installed, and writemsr.cpp is the source code of writemsr.exe. To reproduce the issue, install WSMSetup_1.5.3.127.exe and execute writemsr.exe. It is expected that the system will call __writemsr once writemsr.exe is executed.
To achieve arbitrary kernel execution, refer to the porject https://git.back.engineering/_xeroxz/msrexec, and replace main.cpp in the project to ArbitraryKernelExecution.cpp in the attachment.
Password for attachment: ArbitraryKernelExecution
https://drive.google.com/file/d/15k4sO3qRWDORWjU2QyOVoT_DumX6LrWu/view?usp=sharing |
|---|
| Fonte | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned18 |
|---|
| Utente | Zeze7w (UID 40823) |
|---|
| Sottomissione | 17/03/2023 14:53 (3 anni fa) |
|---|
| Moderazione | 18/03/2023 21:03 (1 day later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 223375 [Lespeed WiseCleaner Wise System Monitor 1.5.3.54 IoControlCode WiseHDInfo64.dll 0x9C402088 escalationi di privilegi] |
|---|
| Punti | 20 |
|---|