Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
WindowsKernelVuln/CVE-2023-1489/
WindowsKernelVuln/CVE-2023-1489/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
 
 

Wise System Monitor, WiseHDInfo64.dll, Arbitrary Kernel Execution

Vulnerability Info

Version

Impact

Arbitrary Kernel Execution

Description

From IoControlCode 0x9C402088, a normal user can call __writemsr, which can lead to arbitrary kernel execution.

Reproduce

In the attached file ArbitraryKernelExecution.zip, there are writemsr.exe, writemsr.cpp, ArbitraryKernelExecution.cpp, WSMSetup_1.5.3.127.exe, and WiseHDInfo64.dll(which in fact a .sys). writemsr.exe is the PoC to cause writing msr where WSMSetup_1.5.3.127.exe which contains the vulnerable driver WiseHDInfo64.dll is installed, and writemsr.cpp is the source code of writemsr.exe. To reproduce the issue, install WSMSetup_1.5.3.127.exe and execute writemsr.exe. It is expected that the system will call __writemsr once writemsr.exe is executed.

To achieve arbitrary kernel execution, refer to the porject https://git.back.engineering/_xeroxz/msrexec, and replace main.cpp in the project to ArbitraryKernelExecution.cpp in the attachment.

Password for attachment: ArbitraryKernelExecution https://drive.google.com/file/d/15k4sO3qRWDORWjU2QyOVoT_DumX6LrWu/view?usp=sharing