This module exploits a memory corruption vulnerability in the Linux kernel. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption that can be used by an attacker to escalate privileges.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a signedness error condition in the Linux Kernel via PACKET_RX_RING option on an AF_PACKET socket with a TPACKET_V3 ring buffer version enabled.



The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to escalate privileges.

This module exploits a double-free vulnerability in the Linux Kernel. The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to escalate privileges via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

This module exploits a signedness issue in the Linux Kernel. The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to escalate privileges.

An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

The CG6Service Service in CyberGhost has the SetPeLauncherState method which allows a user to launch a debugger automatically for a determined process.

This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process.

Viscosity for Windows suffers from a privilege escalation vulnerability. By abusing the named pipe configuration channel between the client and the underlying service, a local attacker can gain SYSTEM privileges.

This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu a local attacker can trigger a kernel arbitrary write and elevate privileges.



This update adds support to Windows 2008 (32 and 64 bits) and Windows 2008 R2 (64 bits)

This module exploits a vulnerability in win32k.sys by loading a Printer Font Metric (PFM) file associated to an empty Printer Font Binary (PFB) file.

This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu a local attacker can trigger a kernel arbitrary write and elevate privileges.