MS Windows (.ANI) GDI Remote Elevation of Privilege Exploit (MS07-017)
Compatibility
All MS Windows 2000/XP systems without the MS07-017 patch, with IE 6 (and later ???).
References
http://www.microsoft.com/technet/security/advisory/935423.mspx
http://research.eeye.com/html/alerts/zeroday/20061106.html
http://www.milw0rm.com/exploits/3688
http://ivanlef0u.free.fr/?p=41
Technique used for this exploit (C language):
-> http://www.milw0rm.com/exploits/3755
The same, with updated code:
-> http://www.labo-asso.com/download/gdi_local_elevation_privilege_exploit_ms07_017.zip
This exploit, with the payload source (nasm):
-> http://www.labo-asso.com/download/gdi_remote_elevation_privilege_exploit_ms07_017.zip
Study (in French):
-> http://www.labo-asso.com/php/travaux/gdi_kernel_exploit.php
Patch
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
For educational use only!
if (success) displays some kernel information
in a MessageBox;
else who knows...;
Coded by Lionel d'Hauenens
bugs, comments,... : http://www.labo-asso.com
or http://www.labo-asso.com/forum
April 20, 2007