Skip to content

CVE-2011-2018 exploitation as a standalone paper + other news

Hey guys,

I figured that it might be worth releasing the “The story of CVE-2011-2018 exploitation” as a stand-alone, nicely formatted paper for your reading convenience. It was previously released in the Hack in The Box Magazine #8 over a month ago (see announcement blog post). In short words, the paper is a guide through the exploitation process of a subtle, yet very interesting vulnerability in the Windows kernel, patched by Microsoft in December 2011. Without further ado, the full document can be downloaded at: cve_2011_2018.pdf (607kB).


Exploitation of Windows kernel vulnerabilities is recently drawing more and more attention, as observed in both monthly Microsoft advisories and technical talks presented on public security events. One of the most recent security flaws fixed in the Windows kernel was CVE-2011-2018, a vulnerability which could potentially allow a local attacker to execute arbitrary code with system privileges. The problem affected all – and only – 32-bit editions of the Windows NT-family line, up to Windows 8 Developer Preview. In this article, I present how certain novel exploitation techniques can be used on different Windows platforms to reach an elevation of privileges through this specific kernel vulnerability.

In other news, Gynvael has written a blog post about the IGK’09 conference we attended in late March. Amongst other things, there was a ~7h game development competition that we (as usual) decided to take part in it, together with our superior graphic designer: xaos//vx. You can read the whole story here, whereas the result of our efforts can be admired below:

Download: (6MB; win32 execs + data + source).

And that’s it, enjoy!

{ 1 } Comments

  1. Alex | 27-May-12 at 03:43:40 | Permalink

    You didn’t reply to my email :-(


{ 1 } Trackback

  1. […] CVE-2011-2018 exploitation as a standalone paper + other news CVE-2011-2018 권한 상승 취약점에 대한 상세문서이다. […]

Post a Comment

Your email is never published nor shared. Required fields are marked *