This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.



This update adds support for Windows 8, Windows 8.1 and Windows 2012 platforms.

This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.



This update adds support for x86-64 platforms.

This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.

This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings.



This update adds support for Ubuntu 14.04.

On x86_64 Intel CPUs, sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer has been set to a usermode-controlled value, but before the current privilege level (CPL) is changed.

A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities.

This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system.

This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters.



This update adds support to Impact 2014 R2.

This module allows an agent running in the context of AcroRd32.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.

This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters.



This module adds support to Microsoft Windows 2003, Windows Vista, Windows 2008 and Windows 8.1

The Oracle VirtualBox Guest Additions Driver (VBoxGuest.sys) present in Oracle VirtualBox is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x22A040) to the vulnerable driver within the Windows Guest OS.

The IESetProtectedModeRegKeyOnly() function in the ieframe.dll library of Microsoft Internet Explorer calls the RegCreateKeyEx registry function when running with Medium Integrity Level over a registry key that is writable by a sandboxed IE instance.

This can be abused to overwrite IE's Elevation Policy by creating symbolic links in the Windows Registry in order to escape from the Internet Explorer Protected Mode sandbox.



This module allows an agent running in the context of iexplore.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.