23 matches found
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2024-20698 About this vulnerability: https://msrc.microsof...
Exploit for Use After Free in Microsoft
CVE-2021-40449 More info here: https://kristal-g.github.io/20...
SysWhispers2 - AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files that implants can use to make direct system calls. All core syscalls are supported, and example generated files are available in the example-output/ folder. Difference Between SysWhispers 1 and 2: the usage is almost identical to SysWhispers1 but...
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Exploit
Exploit for windows platform in category local exploits E-DB Note: + Source: https://github.com/sensepost/gdi-palettes-exp + Binary: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42432.exe include include include include //From...
Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible via a documented GetObject API function to user-mo...
Microsoft Windows - IOCTL_DISK_GET_DRIVE_GEOMETRY_EX Kernel partmgr Pool Memory Disclosure
Microsoft Windows - IOCTL_DISK_GET_DRIVE_GEOMETRY_EX Kernel partmgr Pool Memory Disclosure. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1156&desc=2 We have discovered that the handler of the IOCTL_DISK_GET_DRIVE_GEOMETRY_EX IOCTL in partmgr.sys discloses portions of uninitialized poo...
Microsoft Windows - IOCTL_DISK_GET_DRIVE_LAYOUT_EX Kernel partmgr Pool Memory Disclosure Exploit
Exploit for windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1159 We have discovered that the handler of the IOCTL_DISK_GET_DRIVE_LAYOUT_EX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to user-mode clients. The issue can...
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1159 We have discovered that the handler of the IOCTL_DISK_GET_DRIVE_LAYOUT_EX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to user-mode clients. The issue can be reproduced by running the attached...
Microsoft Windows - IOCTL_DISK_GET_DRIVE_LAYOUT_EX Kernel partmgr Pool Memory Disclosure
Microsoft Windows - IOCTL_DISK_GET_DRIVE_LAYOUT_EX Kernel partmgr Pool Memory Disclosure. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1159 We have discovered that the handler of the IOCTL_DISK_GET_DRIVE_LAYOUT_EX IOCTL in partmgr.sys discloses portions of uninitialized pool memory to...
Microsoft Windows Kernel Information Disclosure Vulnerability (3199709)
This host is missing an important security update according to Microsoft Bulletin MS16-152. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Windows 10 Mount Point Mitigation & MS15-090 Bypass - Vulnerability Warning - the black bar safety net
Brief background on the Symbolic Link vulnerability: Symbolic Links are one of the key mechanisms of the Microsoft Windows system. Object and registry Symbolic Links have existed since Windows NT 3.1, and starting with Windows 2000 Microsoft also introduced the NTFS Mount Point and Directory...
Microsoft Windows Kernel Information Disclosure Vulnerability (2839229)
This host is missing an important security update according to Microsoft Bulletin MS13-048. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS13-017: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
The Windows kernel on the remote host has the following vulnerabilities: - Multiple race condition vulnerabilities exist (CVE-2013-1278, CVE-2013-1279). - A reference count vulnerability exists (CVE-2013-1280). A local attacker could exploit any of these vulnerabilities to elevate privileges. (C...
MS12-068: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
The remote host is running a Windows kernel version that is affected by an integer overflow vulnerability. A local attacker could exploit this to execute arbitrary code with elevated privileges. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(62463); script_version("1.9")...
MS12-042: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
The remote host is running a Windows kernel version that is affected by multiple elevation of privilege vulnerabilities: - A vulnerability exists in the way that the Windows User Mode Scheduler handles system requests that can be exploited to execute arbitrary code in kernel mode (CVE-2012-0217) ...
MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
The remote host is running a Windows kernel version that is affected by a denial of service vulnerability involving the code that handles parsing file metadata when browsing a folder. A remote attacker could exploit this issue by tricking a user into opening a folder containing a specially crafte...
Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
This host is missing an important security update according to Microsoft Bulletin MS10-021. OpenVAS Vulnerability Test $Id: secpod_ms10-021.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows Kernel Could Allow Elevation of Privilege (979683). Authors: Veerendra G. Updated By: Madhuri D on...
Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
This host is missing a critical security update according to Microsoft Bulletin MS09-058. OpenVAS Vulnerability Test $Id: secpod_ms09-058.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows Kernel Privilege Escalation Vulnerability (971486). Authors: Nikita MR. Updated By: Madhuri D on 2010-11-...
Microsoft Windows TCP/IP Protocol Driver Remote Overflow Vulnerability (MS06-032)
Microsoft Windows is a very popular operating system published by Microsoft. The Microsoft Windows TCP/IP protocol driver contains a buffer overflow vulnerability in its handling of specially malformed IP source-routed packets; a remote attacker can trigger it by sending crafted ICMP packets carrying the Loose Source and Record Route option, causing a fault in tcpip.sys or ntoskrnl.exe that results in denial of service or execution of arbitrary instructions. By default, the Routing and Remote Access service on Windows is disabled, so systems in their default configuration are not affected by this vulnerability. Microsoft Windows XP SP2 Microsoft Windows XP SP1...
MS Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit
Exploit for unknown platform in category dos / poc. MS Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit. Windows TCP/IP source routing poc C version... by...