tags: windows, streaming_service, uaf, methodology original link: Racing round and round: The little bug that could newsletter link: exploits.club Weekly Newsletter 32 - Popping Basebands, Pwnie Nominated PrivEscs, The Compiler Landscape, And More
Exploits Club Summary:
@chompie released a write-up detailing her Pwn2Own winning, Pwnie nominated bug in Windows Streaming Service. The post not only serves as a wonderful technical reference, walking through the logic error which led to the UAF, but also takes you through the more "abstract" skills associated with good vuln research: subsystem selection, going with your gut, spotting things which are fishy, etc. The core bug itself stems from the failure to set a certain pointer to null during an object's release, which allows the same object to be released a second time and so produces a UAF. The post also goes through a retrospective to see when the bug was first introduced before concluding with the patch (spoiler: it's not great). We are looking forward to the next installment on exploitation!
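The bug class the summary describes, a release routine that drops its reference but leaves the owning pointer intact, so a second release operates on a dead object, as an added illustration that is not code from the write-up or from Windows. The object, holder and function names are constructed; teardown is simulated with a flag instead of free() so the demonstration runs safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a reference-counted service object. */
typedef struct {
    int refcount;
    int freed;   /* simulates free(); real code would release the memory here */
} Object;

/* Constructed holder that owns one reference to the object. */
typedef struct {
    Object *obj;
} Holder;

static Object *object_create(void) {
    Object *o = calloc(1, sizeof *o);
    o->refcount = 1;
    return o;
}

/* Buggy release: drops the reference but never clears holder->obj,
   so a later release call re-releases the same (already dead) object. */
static void holder_release_buggy(Holder *h) {
    if (h->obj == NULL) return;
    if (--h->obj->refcount == 0) h->obj->freed = 1;
    /* missing: h->obj = NULL; */
}

/* Fixed release: detach the pointer first, so a repeated call is a no-op. */
static void holder_release_fixed(Holder *h) {
    Object *o = h->obj;
    if (o == NULL) return;
    h->obj = NULL;
    if (--o->refcount == 0) o->freed = 1;
}

/* Release twice through the given routine; return 1 if the second call
   reached an object that was already torn down (the UAF condition). */
static int double_release_hits_freed(void (*release)(Holder *)) {
    Holder h = { object_create() };
    Object *o = h.obj;
    release(&h);
    int dangling = (h.obj != NULL && h.obj->freed);
    release(&h);
    int hit = dangling || o->refcount < 0;
    free(o);
    return hit;
}

int main(void) {
    printf("buggy: %d\n", double_release_hits_freed(holder_release_buggy));
    printf("fixed: %d\n", double_release_hits_freed(holder_release_fixed));
    return 0;
}
```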