加载未签名代码在win10(64)内核模式中(VMware Workstation)

啤酒瓶空了缓

https://github.com/ivildeed/vmw_vmx_overloader

Loading unsigned code into kernel of latest Windows 10 (64) with help of VMware Workstation Pro/Player design flaw.
[...]So by simply overwriting one function (Host64ToVmm) it is possible to execute our code in kernelmode.
[...]VMware was contacted regarding this, as a result issues was addressed in security advisory: VMSA-2017-0003 (CVE-2017-4898)

浏览github发现的
详细可以看作者的详细说明
许多签名的驱动都有这样的漏洞  这只是其中之一vmw_vmx_overloader.zip
来源：http://www.12558.net
免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！