add several 2019 cve

00-CVE_EXP/CVE-2019-0623/README.md

@@ -0,0 +1,52 @@
+### CVE-2019-0623
+
+#### 描述
+
+Win32k特权提升漏洞
+
+#### 影响版本
+
+| Product             | CPU Architecture | Version | Update | Tested             |
+| ------------------- | ---------------- | ------- | ------ | ------------------ |
+| Windows 10          | x64/x86/ARM64    | 1803 |        |                    |
+| Windows 10          | x64/x86/ARM64    | 1709 |        |  |
+| Windows 10          | x64/x86    | 1703 |        |  |
+| Windows 10 | x64/x86 | 1607 | | |
+| Windows 10          | x64/x86    |         |        |                    |
+| Windows 8.1 | x64/x86 | | | |
+| Windows RT 8.1 |  | | | |
+| Windows 7 | x64/x86 | | SP1 | ✔ |
+| Windows Server 2016 | | | | |
+| Windows Server 2012 | | R2 | | |
+| Windows Server 2012 | | | | |
+| Windows Server 2008 | x64/x86 | | SP2 | |
+| Windows Server 2008 | x64 | R2 | SP1 | |
+| Windows Server      |                  | 1803 |        |                    |
+| Windows Server      |                  | 1709 |        |                    |
+
+#### 修复补丁
+
+```
+https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623
+```
+
+#### 利用方式
+
+编译环境
+
+- VS2019（V142）X86 Debug
+
+改POC只对x86的机器有效，测试机器为Windows 7 SP1 x86
+
+![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0623_win_7_sp1_x86.gif)
+
+
+
+#### 分析文章
+- https://paper.seebug.org/832/
+
+
+
+#### 代码来源
+
+- [DreamoneOnly](https://github.com/DreamoneOnly/CVE-2019-0623-32-exp)

00-CVE_EXP/CVE-2019-0623/README_EN.md

@@ -0,0 +1,53 @@
+### CVE-2019-0623
+
+#### Describe
+
+An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
+
+
+#### ImpactVersion
+
+| Product             | CPU Architecture | Version | Update | Tested             |
+| ------------------- | ---------------- | ------- | ------ | ------------------ |
+| Windows 10          | x64/x86/ARM64    | 1803 |        |                    |
+| Windows 10          | x64/x86/ARM64    | 1709 |        |  |
+| Windows 10          | x64/x86    | 1703 |        |  |
+| Windows 10 | x64/x86 | 1607 | | |
+| Windows 10          | x64/x86    |         |        |                    |
+| Windows 8.1 | x64/x86 | | | |
+| Windows RT 8.1 |  | | | |
+| Windows 7 | x64/x86 | | SP1 | ✔ |
+| Windows Server 2016 | | | | |
+| Windows Server 2012 | | R2 | | |
+| Windows Server 2012 | | | | |
+| Windows Server 2008 | x64/x86 | | SP2 | |
+| Windows Server 2008 | x64 | R2 | SP1 | |
+| Windows Server      |                  | 1803 |        |                    |
+| Windows Server      |                  | 1709 |        |                    |
+
+#### Patch
+
+```
+https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623
+```
+
+#### Utilization
+
+CompilerEnvironment
+
+- VS2019（V142）X86 Debug
+
+POC is only valid for the X86 machine, the test machine is Windows 7 SP1 X86
+
+![](https://raw.github.com/Ascotbe/Image/master/Kernelhub/CVE-2019-0623_win_7_sp1_x86.gif)
+
+
+
+#### Analyze
+- https://paper.seebug.org/832/
+
+
+
+#### ProjectSource
+
+- [DreamoneOnly](https://github.com/DreamoneOnly/CVE-2019-0623-32-exp)

00-CVE_EXP/CVE-2019-0623/src/CVE-2019-0623.filters

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="FengShui.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="leak.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="leak.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>

00-CVE_EXP/CVE-2019-0623/src/CVE-2019-0623.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30002.166
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CVE-2019-0623", "CVE-2019-0623.vcxproj", "{F8C67622-75D0-4FB8-8068-8367978E379E}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Debug|x64.ActiveCfg = Debug|x64
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Debug|x64.Build.0 = Debug|x64
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Debug|x86.ActiveCfg = Debug|Win32
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Debug|x86.Build.0 = Debug|Win32
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Release|x64.ActiveCfg = Release|x64
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Release|x64.Build.0 = Release|x64
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Release|x86.ActiveCfg = Release|Win32
+		{F8C67622-75D0-4FB8-8068-8367978E379E}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {CC1E7F30-FEA3-45D6-9995-FD51E18B7BC2}
+	EndGlobalSection
+EndGlobal

00-CVE_EXP/CVE-2019-0623/src/CVE-2019-0623.user

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup />
+</Project>

00-CVE_EXP/CVE-2019-0623/src/CVE-2019-0623.vcxproj

@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <ProjectGuid>{F8C67622-75D0-4FB8-8068-8367978E379E}</ProjectGuid>
+    <RootNamespace>My20188589</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="FengShui.cpp" />
+    <ClCompile Include="leak.cpp" />
+    <ClCompile Include="main.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="leak.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

00-CVE_EXP/CVE-2019-0623/src/CVE-2019-0623.vcxproj.user

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup />
+</Project>