Skip to content

Latest commit

 

History

History

CVE-2023-1489

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 

Wise System Monitor, WiseHDInfo64.dll, Arbitrary Kernel Execution

Vulnerability Info

Version

Impact

Arbitrary Kernel Execution

Description

From IoControlCode 0x9C402088, a normal user can call __writemsr, which can lead to arbitrary kernel execution.

Reproduce

In the attached file ArbitraryKernelExecution.zip, there are writemsr.exe, writemsr.cpp, ArbitraryKernelExecution.cpp, WSMSetup_1.5.3.127.exe, and WiseHDInfo64.dll(which in fact a .sys). writemsr.exe is the PoC to cause writing msr where WSMSetup_1.5.3.127.exe which contains the vulnerable driver WiseHDInfo64.dll is installed, and writemsr.cpp is the source code of writemsr.exe. To reproduce the issue, install WSMSetup_1.5.3.127.exe and execute writemsr.exe. It is expected that the system will call __writemsr once writemsr.exe is executed.

To achieve arbitrary kernel execution, refer to the porject https://git.back.engineering/_xeroxz/msrexec, and replace main.cpp in the project to ArbitraryKernelExecution.cpp in the attachment.

Password for attachment: ArbitraryKernelExecution https://drive.google.com/file/d/15k4sO3qRWDORWjU2QyOVoT_DumX6LrWu/view?usp=sharing