
Explore Vulnerabilities


Explore all Exploits:

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

The exploit targets Windows 10 and 11 builds earlier than 10.0.26100.1457 and Windows Server 2016/2019/2022 builds earlier than 10.0.17763.6189, allowing an attacker to cause a denial of service. By corrupting tcpip.sys memory with each batch of packets, the attacker can disrupt the normal functioning of the system. This vulnerability is identified as CVE-2024-38063.

Windows OLE RCE Exploit MS14-060 (CVE-2014-4114) - Sandworm

This exploit is based on the OLE Remote Code Execution vulnerability identified as MS14-060 (CVE-2014-4114). It creates a blank PowerPoint show (ppsx) file to exploit the vulnerability. The script will also create the INF file and an optional Meterpreter reverse_tcp executable with the -m switch. Alternatively, you can host your own executable payload. Host the INF and GIF (EXE) in an SMB share called 'share'.

Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)

This module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution

This module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This module generates a random WMF record stream for each request.

Windows Task Scheduler Privilege Escalation 0day

This exploit allows an attacker to escalate their privileges on a Windows system using a 0day vulnerability in the Task Scheduler. The exploit takes advantage of a flaw in the scheduler's handling of certain scripts, allowing the attacker to execute arbitrary code with elevated privileges. The vulnerability has not been assigned a CVE identifier.

Windows SMB NTLM Authentication Weak Nonce Vulnerability

An unauthenticated remote attacker without any kind of credentials can access the SMB service under the credentials of an authorized user. Depending on the privileges of the authorized user, and the configuration of the remote system, an attacker can gain read/write access to the remote file system and execute arbitrary code by using DCE/RPC over SMB.

Microsoft Windows win32k!xxxRealDrawMenuItem() missing HBITMAP bounds checks

The win32k.sys module in Microsoft Windows 7 does not perform proper bounds checks on HBITMAP handles, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka a 'Windows Kernel Elevation of Privilege Vulnerability'.
