The exploit targets Windows 10 and Windows 11 builds earlier than 10.0.26100.1457 and Windows Server 2016/2019/2022 builds earlier than 10.0.17763.6189, and lets a remote attacker cause a denial of service: each batch of crafted IPv6 packets corrupts tcpip.sys memory until the system crashes. The vulnerability is identified as CVE-2024-38063 (Microsoft rates it as remote code execution; this exploit only uses it to crash the target). Hosts with IPv6 disabled are not reachable by it.
The nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode callers on Windows 10: fields of the output structure that the kernel never writes are copied back to the application exactly as they were found in the pool allocation.
The nt!NtQueryInformationProcess system call, when called with the ProcessVmCounters information class, discloses portions of uninitialized kernel stack memory to user-mode callers.
The handler of the nt!NtTraceControl system call discloses portions of uninitialized pool memory to user-mode callers on Windows 10. The uninitialized bytes are copied back to user mode as part of the output, which can expose sensitive kernel data.
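The three leaks above share one pattern: an output structure is allocated from non-zeroed pool (or lives in a stack frame), only some of its fields are written, and the whole thing is copied to user mode. The following is an added example, not code from any of the three advisories: it simulates that pattern portably, with a caller-filled buffer standing in for stale pool or stack contents, a hypothetical output structure, and the vulnerable handler beside the hardened one. The structure layout and field names are assumptions for illustration.

```c
/* Added example: uninitialized-memory disclosure, vulnerable vs. hardened.
 * The "allocation" is a buffer pre-filled with a marker byte to stand in for
 * whatever the previous owner left in pool or on the stack; no kernel API is
 * used, so this compiles and runs anywhere. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STALE_BYTE 0xCC   /* marker standing in for "whatever was here before" */

/* Hypothetical output structure: some fields the handler writes, one it never
 * writes, and compiler padding in between. Real targets differ in layout, not
 * in the pattern. */
struct query_output {
    uint32_t size;             /* written */
    uint8_t  flags;            /* written; padding usually follows */
    uint64_t creation_time;    /* written */
    uint64_t reserved;         /* never written: leaks stale memory verbatim */
    uint32_t name_length;      /* written; tail padding usually follows */
};

/* Stand-in for a pool allocation (or a stack frame) that is not zeroed: the
 * kernel does not scrub freed pool, so the block still holds old contents. */
static void recycled_alloc(void *block, size_t len) {
    memset(block, STALE_BYTE, len);
}

static void fill_fields(struct query_output *out) {
    out->size = sizeof *out;
    out->flags = 1;
    out->creation_time = 0x01DA000000000000ULL;   /* arbitrary FILETIME-like value */
    out->name_length = 12;
}

/* Vulnerable pattern: partially fill, then copy the whole structure out. */
void leaky_handler(uint8_t *user_buf) {
    struct query_output out;
    recycled_alloc(&out, sizeof out);
    fill_fields(&out);
    memcpy(user_buf, &out, sizeof out);   /* the "copy back to user mode" step */
}

/* Hardened pattern: zero the whole allocation before use (RtlZeroMemory, or
 * ExAllocatePool2 without POOL_FLAG_UNINITIALIZED) so unused fields and
 * padding carry nothing. */
void safe_handler(uint8_t *user_buf) {
    struct query_output out;
    recycled_alloc(&out, sizeof out);
    memset(&out, 0, sizeof out);
    fill_fields(&out);
    memcpy(user_buf, &out, sizeof out);
}

/* How many bytes of the user copy still show the stale marker. */
size_t count_leaked_bytes(const uint8_t *user_buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (user_buf[i] == STALE_BYTE) n++;
    return n;
}

size_t leaked_bytes_vulnerable(void) {
    uint8_t buf[sizeof(struct query_output)];
    leaky_handler(buf);
    return count_leaked_bytes(buf, sizeof buf);
}

size_t leaked_bytes_hardened(void) {
    uint8_t buf[sizeof(struct query_output)];
    safe_handler(buf);
    return count_leaked_bytes(buf, sizeof buf);
}
```

The vulnerable variant leaks at least the eight bytes of the never-written field, and on the usual x64 ABI the padding bytes as well; the hardened variant leaks nothing. Padding is the part developers most often miss: setting every named field is not enough when the structure is copied out as a whole.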
This exploit derandomizes the kernel on current Windows 10 builds by recovering the PML4 self-reference entry. Windows 10 1607 and later randomize the index of that entry (it was fixed at 0x1ED before); once it is known, the virtual addresses of every paging structure (PTEs, PDEs, PDPTEs and the PML4 itself) can be computed for any address, which is what page-table-based read/write primitives need.
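To show what recovering the self-reference entry actually gives an attacker, here is an added example (not the exploit's own code) of the x64 page-table arithmetic: deriving the PTE/PDE/PDPTE/PML4 windows from the self-ref index, the PTE address of an arbitrary virtual address, and the two ways round: recovering the index from any leaked PTE address, and spotting the self-ref slot in a PML4 page whose contents have been read through a physical-memory primitive (the array passed in here is constructed). The pre-1607 constant 0x1ED and the resulting 0xFFFFF68000000000 PTE base are the well-known values.

```c
/* Added example: x64 paging-structure addresses from the PML4 self-ref index.
 * The self-reference entry is the PML4 slot that points back at the PML4 page;
 * its index (0-511) picks where all page tables are mapped in virtual memory.
 * Fixed at 0x1ED until Windows 10 1607 randomized it. */
#include <stdint.h>

#define SELF_REF_FIXED_INDEX 0x1EDULL   /* pre-1607 constant */

struct paging_bases {
    uint64_t pte_base, pde_base, pdpte_base, pml4_base;
};

/* Base virtual addresses of the four paging levels for a given self-ref index.
 * Each level reuses the index once more at the next lower 9-bit position. */
struct paging_bases paging_bases_from_index(uint64_t idx) {
    struct paging_bases b;
    idx &= 0x1FF;
    b.pte_base   = 0xFFFF000000000000ULL | (idx << 39);
    b.pde_base   = b.pte_base   | (idx << 30);
    b.pdpte_base = b.pde_base   | (idx << 21);
    b.pml4_base  = b.pdpte_base | (idx << 12);
    return b;
}

/* Virtual address of the PTE that maps 'va' (what MiGetPteAddress computes):
 * shift the VA right by 9 and keep the 39-bit, 8-byte-aligned table offset. */
uint64_t pte_address(uint64_t pte_base, uint64_t va) {
    return pte_base + ((va >> 9) & 0x7FFFFFFFF8ULL);
}

/* Inverse: any address inside the PTE window carries the self-ref index in
 * bits 39-47, so one leaked PTE address undoes the randomization. */
uint64_t self_ref_index_from_pte_address(uint64_t pte_va) {
    return (pte_va >> 39) & 0x1FF;
}

/* Given the 512 PML4 entries and CR3, the self-ref slot is the present entry
 * whose physical frame equals the PML4's own frame. Returns -1 if none. */
int find_self_ref_slot(const uint64_t pml4[512], uint64_t cr3) {
    const uint64_t frame_mask = 0x000FFFFFFFFFF000ULL;   /* bits 12-51 */
    uint64_t pml4_frame = cr3 & frame_mask;
    for (int i = 0; i < 512; i++) {
        if ((pml4[i] & 1) && (pml4[i] & frame_mask) == pml4_frame)
            return i;
    }
    return -1;
}
```

The derivation is self-consistent: applying pte_address to the PTE base yields the PDE base, applying it to the PDE base yields the PDPTE base, and so on up to the PML4, which is exactly why one index fixes all four windows at once.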
The vulnerability allows an attacker to import a .job file into the Task Scheduler on Windows 10, which results in a call to the '_SchRpcRegisterTask' RPC function. The function 'tsched::SetJobFileSecurityByName' in the Task Scheduler service impersonates itself (NT AUTHORITY\SYSTEM) and calls 'SetSecurityInfo' on the task file it created in C:\Windows\System32\Tasks. Because the DACL is written as SYSTEM on a file whose name the caller controls, this can be abused to modify the permissions of the task file (or of whatever file it has been replaced with) and potentially gain elevated privileges.
If we browse the Speech directory on Windows 10 we find several DLLs; the interesting one is Xtel.dll. Normally, when we say something, a variable records what was said. Examining Xtel.dll we find a function named "Speak" that takes two parameters, "lineID as Long" and "text as String". Passing "A"*3092 as the text triggers a buffer overflow; the crash occurs at "6344164F MOV ECX,[EAX+2C]", a read through EAX, which indicates that the overflow has corrupted a pointer the function then dereferences.
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.
MS15-034 (CVE-2015-1635) is a remote code execution vulnerability in Microsoft's HTTP.sys kernel driver, used by IIS and anything else built on the HTTP Server API. The root cause is an integer overflow in the handling of the HTTP Range header: a Range whose upper bound is close to 2^64 makes HTTP.sys miscalculate the size of the buffer it works with and corrupt kernel memory. A single request with a crafted Range header against static content reliably blue-screens an unpatched server, and the corruption can in principle be turned into arbitrary code execution.
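The non-destructive check for this bug is an added example, not part of the advisory text above: it builds the probe request whose Range upper bound is 2^64-1 (0-18446744073709551615) and classifies the reply. An unpatched HTTP.sys answers "416 Requested Range Not Satisfiable"; a patched one rejects the header with a 400 whose body says "The request has an invalid header name". The request builder only produces bytes (no sockets), the host name is a placeholder, and the two sample replies are constructed, not captured.

```c
/* Added example: MS15-034 / CVE-2015-1635 safe check, request side and
 * classifier. The probe keeps the lower bound at 0; the crashing variant
 * uses a non-zero lower bound, which this code deliberately does not emit. */
#include <stdio.h>
#include <string.h>

/* Build the raw HTTP/1.1 probe into 'out'. Returns bytes written, or -1 if
 * the buffer is too small. */
int build_ms15034_probe(char *out, size_t cap, const char *host, const char *path) {
    int n = snprintf(out, cap,
        "GET %s HTTP/1.1\r\n"
        "Host: %s\r\n"
        "Range: bytes=0-18446744073709551615\r\n"
        "Connection: close\r\n\r\n", path, host);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

enum ms15034_state { MS15034_UNKNOWN = 0, MS15034_VULNERABLE = 1, MS15034_PATCHED = 2 };

/* Classify a full response (status line, headers and body, as one string). */
enum ms15034_state classify_ms15034_response(const char *resp) {
    if (strncmp(resp, "HTTP/1.1 416", 12) == 0 ||
        strstr(resp, "Requested Range Not Satisfiable") != NULL)
        return MS15034_VULNERABLE;
    if (strstr(resp, "The request has an invalid header name") != NULL)
        return MS15034_PATCHED;
    return MS15034_UNKNOWN;
}

/* HTTP.sys and IIS identify themselves; a 416 from anything else is not
 * this bug. Use alongside the classifier to avoid false positives. */
int looks_like_httpsys(const char *resp) {
    return strstr(resp, "Server: Microsoft-HTTPAPI") != NULL ||
           strstr(resp, "Server: Microsoft-IIS") != NULL;
}

/* Constructed sample replies (not captured from a real host). */
static const char SAMPLE_VULNERABLE[] =
    "HTTP/1.1 416 Requested Range Not Satisfiable\r\n"
    "Content-Type: text/html\r\n"
    "Server: Microsoft-IIS/8.5\r\n\r\n";

static const char SAMPLE_PATCHED[] =
    "HTTP/1.1 400 Bad Request\r\n"
    "Content-Type: text/html; charset=us-ascii\r\n"
    "Server: Microsoft-HTTPAPI/2.0\r\n\r\n"
    "<h1>Bad Request</h1><p>The request has an invalid header name</p>";
```

Send the output of build_ms15034_probe over a plain TCP connection (or TLS for HTTPS) to a static resource such as the default IIS start page; a 200 means the server ignored the range and the result is inconclusive rather than safe.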
This module bypasses Windows 10 UAC by hijacking a special key under the current user's registry hive (HKCU\Software\Classes\ms-settings\Shell\Open\command) and inserting a custom command that is invoked when the auto-elevated fodhelper.exe application is launched. It spawns a second shell with the UAC flag turned off. The module modifies the registry key but cleans it up once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If you specify EXE::Custom, your DLL should call ExitProcess() after starting your payload in a separate process.
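Because the module cleans up after itself, the artefact a defender has to catch is the key while it exists (or in a registry snapshot taken while the payload was running). The following is an added example, not the Metasploit module's code: a small scanner over a .reg-style text dump that flags the ms-settings command hijack and extracts the planted command. The key path and the empty DelegateExecute value are the known signature of the technique; the dumps are constructed samples, and the code assumes the export has already been converted from UTF-16 to plain text.

```c
/* Added example: detect the fodhelper ms-settings hijack in a .reg dump.
 * fodhelper.exe opens the "ms-settings" protocol and looks it up under the
 * user hive first, so a command under this HKCU key runs elevated. An empty
 * "DelegateExecute" value makes the shell run the command directly. */
#include <ctype.h>
#include <string.h>

#define HIJACK_KEY "[HKEY_CURRENT_USER\\Software\\Classes\\ms-settings\\Shell\\Open\\command]"

struct fodhelper_finding {
    int  key_present;       /* the command subkey exists under HKCU */
    int  delegate_execute;  /* a DelegateExecute value is present */
    char command[256];      /* the key's default value (the hijacked command) */
};

/* Case-insensitive prefix test (registry paths are case-insensitive). */
static int ci_starts_with(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Walk the dump line by line. Key headers are "[path]" lines; inside the
 * hijack key, the default value is @="..." and named values are "Name"="...". */
struct fodhelper_finding scan_reg_dump(const char *dump) {
    struct fodhelper_finding f = { 0, 0, "" };
    int in_hijack_key = 0;
    const char *line = dump;

    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len && line[len - 1] == '\r') len--;   /* tolerate CRLF */

        if (len && line[0] == '[') {
            in_hijack_key = (len == strlen(HIJACK_KEY)) && ci_starts_with(line, HIJACK_KEY);
            if (in_hijack_key) f.key_present = 1;
        } else if (in_hijack_key) {
            if (ci_starts_with(line, "\"DelegateExecute\"=")) {
                f.delegate_execute = 1;
            } else if (len >= 4 && line[0] == '@' && line[1] == '=' && line[2] == '"'
                       && line[len - 1] == '"') {
                size_t n = len - 4;               /* strip @=" and the closing quote */
                if (n >= sizeof f.command) n = sizeof f.command - 1;
                memcpy(f.command, line + 3, n);
                f.command[n] = '\0';
            }
        }
        if (!nl) break;
        line = nl + 1;
    }
    return f;
}

/* A present key with a command means the bypass is in place; the empty
 * DelegateExecute value is the extra tell that matches the module. */
int fodhelper_hijacked(const struct fodhelper_finding *f) {
    return f->key_present && f->command[0] != '\0';
}

/* Constructed sample dumps (not real exports). */
static const char SAMPLE_HIJACKED_DUMP[] =
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Classes\\ms-settings]\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Classes\\ms-settings\\Shell\\Open\\command]\r\n"
    "@=\"cmd.exe /c start powershell.exe\"\r\n"
    "\"DelegateExecute\"=\"\"\r\n";

static const char SAMPLE_CLEAN_DUMP[] =
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Classes\\.txt]\r\n"
    "@=\"txtfile\"\r\n";
```

Commands containing escaped quotes are copied verbatim including the backslashes; the point of the scanner is to flag the key, not to normalize the payload. A live check of the same key from the running system (rather than a dump) is equally valid, and deleting HKCU\Software\Classes\ms-settings is the cleanup the module itself performs.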