This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

This module exploits a vulnerability in the NICM.SYS driver shipped with Novell Client 2 when handling specially crafted IOCTL requests.

This module exploits a memory corruption vulnerability in Norman Security Suite Nprosec.sys driver when handling IOCTL 0x00220210. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. This module will elevate the privileges of the current agent instead of installing a new one.

After successful exploitation an agent will be installed. The process being exploited is the winlogon process. Execute the 'RevertToSelf' module after exploitation to get SYSTEM access.

This module exploits a vulnerability in "wins.exe" sending crafted UDP packets to the WINS-RPC local port.

This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.

An uninitialized pointer is used by windows kernel when the "FlattenPath" function is called in the middle of a kernel heap exhaustion.

This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption.

This module duplicates, modifies and loads a keyboard layout file exploiting a bug in the "xxxKENLSProcs" function of "win32k.sys".