📄 Backdoor.Win32.Poison.jh Remote File Hijack

This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...

📄 Backdoor.Win32.Poison.jh MVID-2025-0704 Insecure Permissions

Backdoor.Win32.Poison.jh malware creates the directory 28463 under C:\Windows\SysWOW64, granting Full F permissions to the Everyone user group. This allows any local user to modify or replace any dropped files, enabling trivial malware disruption or execution hijacking. This reflects poor...

Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.c Vulnerability: Remote File Write Code Execution Description: The...

Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Read

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple records which deal with DIBs Device Independent Bitmaps. Examples of such...