The exploit targets Windows 10 and 11 below 10.0.26100.1457 and Server 2016/2019/2022 below 10.0.17763.6189, allowing a remote attacker to cause a denial of service. By sending crafted IPv6 packets in batches that corrupt tcpip.sys memory, the attacker crashes the system. This vulnerability is identified as CVE-2024-38063.
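A quick exposure check for the entry above, added here as an example and not part of the exploit or its author's code. It compares the host's build and update revision (UBR) against the two fixed builds the entry lists, and reports adapters that still have IPv6 bound, since Microsoft's documented workaround for CVE-2024-38063 is disabling IPv6. The thresholds for other build branches (Windows 10 22H2, Server 2016, Server 2022) are not on this page and are left out; the script says so rather than guessing.

```powershell
# Added example: check this host against the fixed builds the entry lists for
# CVE-2024-38063 and report whether IPv6 (the affected tcpip.sys path) is bound.
# Only the two thresholds from the entry are known here; other branches need their
# own fixed UBR from the Microsoft advisory (assumption: not covered by this script).
$FixedUbr = @{
    26100 = 1457   # from the entry: 10.0.26100.1457
    17763 = 6189   # from the entry: 10.0.17763.6189
}

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

if ($FixedUbr.ContainsKey($build)) {
    if ($ubr -lt $FixedUbr[$build]) {
        Write-Warning "Build $build.$ubr is below fixed build $build.$($FixedUbr[$build]): CVE-2024-38063 fix missing."
    } else {
        Write-Output "Build $build.$ubr is at or above the fixed build: patched."
    }
} else {
    Write-Output "Build $build.$ubr is not a branch listed in the entry; look up its fixed UBR in the advisory."
}

# Workaround status: list adapters where the IPv6 stack is still bound.
Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled } |
    ForEach-Object { Write-Output "IPv6 still bound on adapter '$($_.Name)'" }
```

Run it in an elevated PowerShell session on the host being assessed; a warning plus one or more "IPv6 still bound" lines means the host is both unpatched and reachable over the affected protocol.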
The exploit targets Microsoft Windows 10.0.17763.5458 and performs a local privilege escalation through a kernel vulnerability. By exploiting it, an attacker could gain elevated privileges on the system.
This exploit is based on the OLE Remote Code Execution vulnerability identified as MS14-060 (CVE-2014-4114). It creates a blank PowerPoint show (ppsx) file to exploit the vulnerability. The script will also create the INF file and an optional Meterpreter reverse_tcp executable with the -m switch. Alternatively, you can host your own executable payload. Host the INF and GIF (EXE) in an SMB share called 'share'.
This module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
This module exploits a vulnerability in the GDI library included with Windows XP and 2003. The exploit uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This module generates a random WMF record stream for each request.
The NtUserLoadKeyboardLayoutEx function in Windows allows an attacker to inject shellcode into a process by manipulating the offTable parameter: a specially crafted offTable value causes the function to execute arbitrary code.
This exploit allows an attacker to escalate their privileges on a Windows system using a 0day vulnerability in the Task Scheduler. The exploit takes advantage of a flaw in the scheduler's handling of certain scripts, allowing the attacker to execute arbitrary code with elevated privileges. The vulnerability has not been assigned a CVE identifier.
A remote attacker without any credentials of their own can access the SMB service under the credentials of an authorized user. Depending on that user's privileges and the configuration of the remote system, the attacker can gain read/write access to the remote file system and execute arbitrary code by using DCE/RPC over SMB.
A race condition exists in the validation stage of the NtCreateThread function in Microsoft Windows. This can be exploited to set the SegCs (code segment selector) value to RPL 0 and execute code with kernel (ring 0) privileges.
The win32k.sys module in Microsoft Windows 7 does not perform proper bounds checks on HBITMAP handles, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka a 'Windows Kernel Elevation of Privilege Vulnerability'.