CVE-2008-0365

CORE FORCE < 0.95.167 - Buffer Overflow via IOCTL or SSDT Hook Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0365. PoCs published by Sebastian Gottschalk.

AI-analyzed exploit summary: This is a writeup describing steps to reproduce multiple local kernel buffer-overflow vulnerabilities in CORE FORCE Firewall and Registry modules. It involves using DC2.exe and BSODHook.exe tools to trigger the vulnerabilities, potentially leading to denial-of-service or privilege escalation.

Description

Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sebastian Gottschalk · text · local · windows
https://www.exploit-db.com/exploits/31036

Classification: Writeup 90%
Attack Type: DoS | LPE
Complexity: Moderate
Reliability: Theoretical
Target: CORE FORCE Firewall and Registry modules up to and including version 0.95.167
Auth required
Prerequisites: Access to DC2.exe from Windows Driver Kit · Access to BSODHook.exe from Matousec · Local user access to the target system
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27341
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39758
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486513/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0242
Various Sources x_refsource_confirm
http://www.coresecurity.com/?action=item&id=2025
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3555
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019245

Scores

EPSS 0.0013
EPSS Percentile 32.2%

Details

CWE: CWE-119
Status: published
Products (1)
core_security_technologies/core_force < 0.95.167
Published Jan 18, 2008
Tracked Since Feb 18, 2026