[Dailydave] Some more VMware Cloudburst fun (EXPLOIT VIDEO+HACKTRO)

From: Piotr Bania (bania.piotrgmail.com)
Date: Wed Sep 16 2009 - 10:12:47 CDT


Yo all,

The last couple of days I had a chance to play with and research VMware a bit, of
course among other things. I spent the last few days researching the
vulnerability Kostya presented some time ago [1]. Unlike Kostya's method, I am
able to exploit this vulnerability only by sending two specially crafted
SVGA_CMD_RECT_COPY signals. This method should work on default VMware
configurations with SVGA support. The following exploit was tested only on
Windows XP SP3 with VMware Workstation 6.5.1 build 126130 (no DEP support).
To be honest, I spent more time coding the hacktro and doing 3d kab00mz :-)
Greetings to all of the hidden demosceners.

exploit video: http://vimeo.com/6595148

hacktro video: http://vimeo.com/6595412
(this red belt is some video capture error :()

best regards,
Piotr Bania

[1] - http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-SLIDES.pdf

--
--------------------------------------------------------------------
Piotr Bania - <bania.piotrgmail.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com - Key ID: 0xBE43AC33
--------------------------------------------------------------------

               - "The more I learn about men, the more I love dogs."

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave