Home Cyber Crime Google shares PoC exploit for critical Windows 10 Graphics RCE bug

Google shares PoC exploit for critical Windows 10 Graphics RCE bug


Google shares PoC exploit for critical Windows 10 Graphics RCE bug

Venture Zero, Google’s 0day bug-hunting group, shared technical particulars and proof-of-concept (PoC) exploit code for a essential distant code execution (RCE) bug affecting a Home windows graphics element.

The Venture Zero researchers found the vulnerability, tracked as CVE-2021-24093, in a high-quality textual content rendering Home windows API named Microsoft DirectWrite.

They reported the bug to the Microsoft Safety Response Middle in November. The corporate launched safety updates to deal with it on all weak platforms on February 9, throughout this month’s Patch Tuesday.

Impacts Home windows 10 variations as much as 20H2

The safety flaw impacts a number of Home windows 10 and Home windows Server releases as much as model 20H2, the newest launched model.

After the 90-day disclosure deadline, Venture Zero published a proof-of-concept exploit code that can be utilized to breed the bug in browsers operating on fully-patched Home windows 10 1909 programs.

“Connected is the proof-of-concept TrueType font along with an HTML file that embeds it and shows the AE character,” the researchers stated.

“It reproduces the crash proven above on a completely up to date Home windows 10 1909, in all main internet browsers. The font itself has been subset to solely embrace the defective glyph and its dependencies.”

From heap-based buffer overflow to RCE

The DirectWrite API is used because the default font rasterizer by main internet browsers comparable to Chrome, Firefox, and Edge for rendering internet font glyphs.

Since these internet browsers use the DirectWrite API for font rendering, the safety flaw could be leveraged by attackers to set off a reminiscence corruption state which will enable them to execute arbitrary code on the targets’ programs remotely.

Attackers can exploit CVE-2021-24093 by tricking targets into visiting web sites with maliciously crafted TrueType fonts that set off a heap-based buffer overflow within the fsg_ExecuteGlyph API operate.

Google patched the same actively exploited zero-day within the widespread FreeType textual content rendering library used to focus on Chrome customers.

In November, Microsoft additionally mounted a Windows kernel zero-day bug actively exploited in focused assaults and publicly disclosed by Venture Zero one month earlier.

Source link