Dell Authentication Driver Uncontrolled Write

Posted by deepcore on December 19, 2015 – 9:56 pm

The Dell Pre-Boot Authentication Driver (PBADRV.sys) contains a vulnerability that can be leveraged to enable an attacker to write arbitrary code. The ‘OutputAddress’ from the IOCTL call is not validated before it attempts to write to memory. The content of the write is a four-byte hex value that is always greater than that of the kernel base address. Using multiple writes, it may be possible to overwrite the first entry of HalDispatchTable in a way that the entry would point to a user-land address. An attacker need only allocate shellcode at said address and call the ntdll!NtQueryIntervalProfile() function.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Microsoft SmartScreen Claims It Can Block Zero-Day Attacks Avira Registry Cleaner DLL Hijacking »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Dell Authentication Driver Uncontrolled Write

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL