Microsoft Windows Uninitialized Variable Local Privilege Escalation

Posted on 16 October 2020

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code execution as the SYSTEM user. This module has been tested against Windows 7 x64 SP1. Offsets within the exploit code may need to be adjusted to work with other versions of Windows. The exploit can only be triggered once against the target and can cause the target machine to reboot when the session is terminated.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

pgAdmin 8.3 Remote Code Execution
Palo Alto OS Command Injection
Backdoor.Win32.Dumador.c MVID-2024-0679 Buffer Overflow
Centreon 23.10-1.el8 SQL Injection
Stock Management System 1.0 SQL Injection

Last 20