Exploiting CVE-2018-1038 - Total Meltdown

Full Article here:

Quote

https://blog.xpnsec.com/total-meltdown-cve-2018-1038/

An excerpt from the post:

Quote

 

Back in March, a vulnerability was disclosed by Ulf Frisk in Windows 7 and Server 2008 R2.

The vulnerability is pretty awesome, a patch released by Microsoft to mitigate the Meltdown vulnerability inadvertently opened up a hole on versions of Windows, allowing any process to access and modify page table entries.

The writeup of the vulnerability can be found over on Ulf's blog here, and is well worth a read.

This week I had some free time, so I decided to dig into the vulnerability and see just how the issue manifested itself. The aim was to create a quick exploit which could be used to elevate privileges during an assessment. I ended up delving into Windows memory management more than I had before, so this post was created to walk through just how an exploit can be crafted for this kind of vulnerability.

As always, this post is for people looking to learn about exploitation techniques rather than simply providing a ready to fire exploit. With that said, let's start with some paging fundamentals.