This module takes advantage of an insufficient library path check in the spoolsv.exe (Print Spooler) service to load a DLL from an arbitrary directory with SYSTEM privileges.
The On-Screen Keyboard application of Microsoft Windows is prone to a privilege escalation vulnerability when handling mouse input originating from a process running at Low Integrity Level. This vulnerability allows an agent running at Low Integrity Level to escalate privileges and install a new agent running at Medium Integrity Level, by sending mouse input to the On-Screen Keyboard while its input mode is set to "Hover over keys".
The MQ Access Control Driver (mqac.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x1965020F) to the vulnerable driver.
This module exploits a vulnerability in the Windows kernel-mode driver ndproxy.sys by calling the DeviceIoControl function with crafted parameters.
Incorrect assumptions in the support code for legacy 16-bit applications in Microsoft Windows operating systems allow local users to gain SYSTEM privileges via the NtVdmControl system call.
When a crafted ".fon" font file is loaded by the Windows kernel, a kernel heap overflow occurs. This module exploits the vulnerability by spraying kernel heap memory and building a fake chunk header that the overflow corrupts in a controlled way.
This module exploits a kernel-mode stack overflow in win32k.sys triggered through an unspecified desktop parameter.
This exploit sets the console command history buffer count to a value greater than 0x7fff. When a new command is then sent to cmd.exe, memory corruption occurs inside the CSRSS process and control of CSRSS is taken.
An error in the way the Windows kernel handles string atoms when registering a new window class allows unprivileged users to re-register atoms belonging to privileged applications. This vulnerability can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges. Note that this exploit locks the machine's screen (equivalent to pressing Ctrl+Alt+Del and then clicking "Lock this computer"), and Windows theming remains disabled until the machine is restarted.
This module exploits a double-free vulnerability in afd.sys by calling the AfdTransmitFile function with crafted parameters.