Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data

From bleepingcomputer.com

A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data.

Running the proof-of-concept (PoC) code provided by the researcher that uses the online alias SandboxEscaper results in overwriting ‘pci.sys’ with information about software and hardware problems, collected through the Windows Error¬†Reporting (WER) event-based feedback infrastructure.

Read more…