| Title | DriverGenius, mydrivers64.sys, Arbitrary Kernel Execution |
|---|
| Description | Version: DriverGenius 9.70.0.346, mydrivers64.sys 9.2.707.1214
http://www.drivergenius.com/
Impact: Arbitrary Kernel Execution
Description: From IoControlCode 0x9C402088, a normal user can call __writemsr, which can lead to arbitrary kernel execution.
Reproduce: In the attached file ArbitraryKernelExecution.zip, there are writemsr.exe, writemsr.cpp, ArbitraryKernelExecution.cpp, DGSetup_Home_BZNR.exe, and mydrivers64.sys. writemsr.exe is the PoC to call wrmsr where DGSetup_Home_BZNR.exe which contains the vulnerable driver mydrivers64.sys is installed, and writemsr.cpp is the source code of writemsr.exe. To reproduce the issue, install DGSetup_Home_BZNR.exe and execute writemsr.exe. It is expected that the system will call __writemsr once writemsr.exe is executed.
To achieve arbitrary kernel execution, refer to the project https://git.back.engineering/_xeroxz/msrexec, and replace main.cpp in the project to ArbitraryKernelExecution.cpp in the attachment. Password for attachment: ArbitraryKernelExecution
https://drive.google.com/file/d/1kYCec3kYCzD9s2Vnclp_aW5jLneWqHC_/view?usp=sharing |
|---|
| Source | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned27 |
|---|
| User | Zeze7w (UID 40823) |
|---|
| Submission | 03/24/2023 07:05 (3 years ago) |
|---|
| Moderation | 03/28/2023 22:16 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 224233 [DriverGenius 9.70.0.346 IOCTL mydrivers64.sys 0x9C402088 memory corruption] |
|---|
| Points | 20 |
|---|