Afd.sys module present in Microsoft Windows is vulnerable to a race condition during buffer management, where a temporary reference counter increment is improperly handled, leading to use-after-free scenarios. This occurs when accessing registered buffers for send/receive operations. The steps performed by the exploit are: Creates corrupt kernel structures Gets arbitrary read/write primitives Steals token for privilege escalation Restores system state Creates a new agent process running as SYSTEM
CVE Link
Exploit Platform
Exploit Type
Product Name