The Windows NT operating system kernel executable (ntoskrnl.exe) present in Microsoft Windows is vulnerable to a race condition, which can result in arbitrary memory write. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges. The steps performed by the exploit are: Discover an exploit primitive Perform heap feng shui to come up with a memory layout Allocate enough "GOLD" objects using the GetUIDllName function Free some of them to create some holes using the FreeDiagInstance function Allocate a worker "GOLD" object to trigger the use-after-free vulnerability Delete the "RequestMakeCall" key value and create a REG_BINARY type key with controlled content. Then, I allocate some key value heaps to ensure they occupy the hole left by the worker object XFG mitigation
CVE Link
Exploit Platform
Exploit Type
Product Name