An uninitialized pointer is used by the Windows kernel when the "FlattenPath" function is called in the middle of a kernel heap exhaustion.
This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to the "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption.
This module duplicates, modifies and loads a keyboard layout file exploiting a bug in the "xxxKENLSProcs" function of "win32k.sys".
An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages. This module exploits the vulnerability, and installs an agent running as a medium integrity level process.
When the "DisplayConfigGetDeviceInfo" function is called with crafted parameters, a heap overflow occurs in the Windows kernel.
When a crafted ".TTF" file is loaded by the Windows kernel, a kernel heap overflow occurs. This module exploits the vulnerability by filling kernel memory via heap spraying and building a fake chunk header.
This module exploits incorrect access control lists (ACLs) on the Registry keys for the Tracing Feature for Services. By modifying the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc Registry key, it is possible for a limited account with impersonation privileges to force a SYSTEM service (IpHlpSvc) to connect to a controlled named pipe, and then impersonate IpHlpSvc in order to run arbitrary code with SYSTEM privileges. This module allows an agent running under an account with impersonation rights, such as NETWORK SERVICE (for example, an agent running with the privileges of the IIS 7.0 Worker Process on Windows Server 2008 SP2), to gain SYSTEM privileges.
This module exploits a vulnerability in the way that Microsoft Windows manages the RPCSS service and improperly isolates processes running under the NetworkService or LocalService accounts. This can be exploited to execute arbitrary code with System privileges.