An elevation of privilege vulnerability exists when the Win32k.sys kernel-mode driver improperly handles objects in memory. The vulnerability exists in the Windows OS process of creating windows for applications. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. This module exploits the previous vulnerability to deploy an agent that runs with SYSTEM privileges.
When a Windows computer is joined to any domain, usually, the "gpt.ini" file is downloaded by this from the Domain Controller server. If this file has a new number version, it means that there are new policies to download. When new policies are present, the client downloads the 'gpttmpl.inf' file and applies the policies contained by this. Using a "Man In The Middle" attack, this module intercepts the communication explained before and installs an agent running as 'system' user.
This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists within the processing of AS3 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. This vulnerability was one of the 2015's Pwn2Own challenges.
Subscribe to Windows