This module exploits a vulnerability on "wins.exe" sending a DNS request packet followed by a RESET connection. When the WINS service tries to answer this request, the "send" function fails and an exception is produced triggering the bug. At the end, the WINS port ( port 42 ) is verified to know if the service is listening or it was broken.
This module causes a BSOD in Microsoft Windows when parsing a specially crafted OpenType font file. Only x64 systems are affected by this vulnerability.
This module exploits a vulnerability on win32k.sys sending a crafted message from user to kernel.
When the "RFONTOBJ::bTextExtent" function located in win32k.sys ( Windows kernel ) uses to divide one crafted parameter sent from user, the final result is a "divide error exception" that produces a BSoD.
The function win32k!IsHandleEntrySecure() doesn't properly check if 'pW32Job' field of 'tagPROCESSINFO' structure for current process contains non-zero value. This allows unprivileged local user to cause null dereference in kernel mode, which produces a BSoD.
This module exploits a vulnerability in win32k.sys when a crafted OTF file is open by Internet Explorer. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
When a crafted TTF file is processed by Windows kernel it produces a integer overflow finishing it in a BSoD.
When the win32k.NtGdiScaleViewportExtEx function uses to divide one crafted parameter sent from user, the final result is a "divide error exception" that produces a BSoD.
A double free condition in win32k.sys can be triggered by first linking and then destroying a set of Cursor Objects. This allows unprivileged local user to cause null dereference in kernel mode, which produces a BSoD.
The vulnerability is caused due to a WSD message with a long header value, this can lead to memory corruption within the process hosting WSDApi.dll. This can cause the service or application to crash. To be clear, the vulnerability is in the Windows module used to interact with devices that support Web Services on Devices, and does not affect the devices themselves.