tandasat / CVE-2023-36427

Report and exploit of CVE-2023-36427

Home Page: https://tandasat.github.io/blog/2023/11/19/CVE-2023-36427.html

CVE-2023-36427

This repo contains the report and exploit of CVE-2023-36427, memory corruption at arbitrary physical addresses from the root partition on Windows. The details and exploit of the vulnerability are in the report sent to Microsoft.

Demo

Timeline

  • July 2 - Sent a report to a friend of mine at Microsoft.
  • July 11 - Received a reply from a member of the team responsible for the issue.
  • August 8 - Received a proposal to make the disclosure date November 14.
  • August 9 - Agreed with the proposal.
  • November 14 - The fix was released.
  • November 15 - Disclosed the issue. Notified that the issue was eligible for a 2000 USD bounty award.

Thanks MSRC for transparent communication, the engineering team for fixing this on time, and Andrea (@aall86) for helping me share the issue and connecting with the right folks within Microsoft.

License: MIT License


Languages

Language: C++ 100.0%