A Beginner's Guide to Understanding Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8174)

Introduction

CVE-2018-8174 is a vulnerability in the Windows VBScript engine that was found being exploited in the wild. What makes this case notable is that, although it is a VBScript vulnerability, it was exploited through MS Office documents rather than through a web browser. There is a blogpost by Qihoo 360 [1] that gives a thorough analysis of the exploit delivery, the root cause of the vulnerability, the exploitation strategy, the payload and so on. There is also a good blogpost from Kaspersky [2] with a deeper analysis of the vulnerability itself. This post focuses on techniques for reverse engineering the internals of the Windows VBScript engine in order to understand the vulnerability better.


Windows Kernel Exploitation - Exploiting HEVD x64 Use-After-Free using Generic Non-Paged Pool Feng-Shui

Introduction

There are many excellent tutorials and write-ups on exploiting the HEVD [1] use-after-free on Windows 7 32-bit. All of them use IO Completion Reserve objects to groom the kernel pool [2] [3] [4] [5] [6] [7]. However, most systems today run a 64-bit version of Windows, so it is worth finding out how the same UAF in the vulnerable driver can be exploited on 64-bit Windows.
