Fangming Gu (Institute of Information Engineering, Chinese Academy of Sciences), Qingli Guo (Institute of Information Engineering, Chinese Academy of Sciences), Jie Lu (Institute of Computing Technology, Chinese Academy of Sciences), Qinghe Xie (Institute of Information Engineering, Chinese Academy of Sciences), Beibei Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Kangjie Lu (University of Minnesota), Hong Li (Institute of information engineering, Chinese Academy of Sciences), Xiaorui Gong (Institute of information engineering, Chinese Academy of Sciences)

The Windows operating system employs various inter-process communication (IPC) mechanisms, typically involving a privileged server and a less privileged client. However, scenarios exist where the client has higher privileges, such as a performance monitor running as a domain controller obtaining data from a domain member via IPC. In these cases, the server can be compromised and send crafted data to the client.
Despite the increase in Windows client applications, existing research has overlooked potential client-side vulnerabilities, which can be equally harmful. This paper introduces GLEIPNIR, the first vulnerability detection tool for Windows remote IPC clients. GLEIPNIR identifies client-side vulnerabilities by fuzzing IPC call return values and introduces a snapshot technology to enhance testing efficiency. Experiments on 76 client applications demonstrate that GLEIPNIR can identify 25 vulnerabilities within 7 days, resulting in 14 CVEs and a bounty of $36,000.

View More Papers

PowerRadio: Manipulate Sensor Measurement via Power GND Radiation

Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University)

Read More

Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs...

Christopher Ellis (The Ohio State University), Yue Zhang (Drexel University), Mohit Kumar Jangid (The Ohio State University), Shixuan Zhao (The Ohio State University), Zhiqiang Lin (The Ohio State University)

Read More

PBP: Post-training Backdoor Purification for Malware Classifiers

Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University)

Read More