Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data

From bleepingcomputer.com

A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data.

Running the proof-of-concept (PoC) code provided by the researcher that uses the online alias SandboxEscaper results in overwriting ‘pci.sys’ with information about software and hardware problems, collected through the Windows Error Reporting (WER) event-based feedback infrastructure.

Read more…