Win32k.sys Kernel Object Use-After-Free
XLAB ID: XLAB-15-005
CVE ID: CVE-2015-1720
Patch Status: Fixed
Vulnerability Details:
The specific flaw exists within the function NtUserTrackPopupMenu. The issue lies in the failure to propery handle reference counting of the MENU objects. An attacker can leverage this vulnerability to raise privileges and execute code under the context of SYSTEM.
Disclosure Timeline:
| 2015/03/18 | Provide vulnerability detail to Micorsoft via secure@micorsoft.com |
|---|---|
| 2015/03/19 | Micorsoft responded that they had opened case 21767 for the issuse |
| 2015/04/16 | Micorsoft responded that they had successfully reproduced the issue, and asked for the source code of PoC |
| 2015/04/16 | Rejected Micorsoft’s request with the consideration of respecting intellectual property |
| 2015/04/28 | Micorsoft responded that they had been working closer to the fix |
| 2015/06/09 | Microsoft responded that they had assigned CVE-2015-1720 to the issue |
Credit:
This vulnerability was discovered by: Kai Kang