CVSSv3: 7.8

CVE-2021-40449

Published: 13/10/2021 Updated: 08/08/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 414
CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Win32k Elevation of Privilege Vulnerability. A use-after-free in the Win32k kernel driver (NtGdiResetDC, win32kfull!GreResetDCInternal) that a local, low-privileged user can exploit to execute code as NT AUTHORITY\SYSTEM. It was found being exploited in the wild by Kaspersky and was fixed in Microsoft's October 2021 Patch Tuesday release.

Vulnerable Products

microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows server 2012
microsoft windows server 2012 r2
microsoft windows server 2016
microsoft windows server 2016 2004
microsoft windows server 2019
microsoft windows server 20h2
microsoft windows server 2022
microsoft windows 7
microsoft windows 8.1
microsoft windows rt 8.1
microsoft windows 10
microsoft windows 10 1607
microsoft windows 10 1809
microsoft windows 10 1909
microsoft windows 10 2004
microsoft windows 10 20h2
microsoft windows 10 21h1
microsoft windows 11

Exploits

A use-after-free vulnerability exists in the NtGdiResetDC() function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists because this function calls hdcOpenDCW(), which performs a user-mode callback. During this callback, an attacker can call the NtGdiResetDC() function ...
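The re-entrant callback pattern described above, modelled in plain C as an added example. This is not code from any of the PoCs listed on this page and reproduces no real win32k structures: the pool, handle table, object kinds and the reset_dc_* functions are all invented for the illustration. The hardened variant shows the generic fix pattern for this bug class (re-resolve the handle after any user-mode callback and fail closed), which is an assumption about how such a bug is closed, not a description of Microsoft's actual patch. The "palette" reallocation models the pool spray the PoCs below mention.

```c
#include <stdio.h>
#include <string.h>

/* Added model of a re-entrant-callback use-after-free (not a real exploit).
 * Names, structures and the fix are invented for illustration. */

#define SLOTS 4

/* Pool chunk: the kind field records which object currently owns the chunk, so
 * a write through a stale pointer shows up as corruption of the new owner. */
enum kind { FREE = 0, KIND_DC = 1, KIND_PALETTE = 2 };

typedef struct {
    enum kind kind;
    char data[32];          /* DC: device name; palette: colour table bytes */
} chunk_t;

static chunk_t  pool[SLOTS];      /* fixed-size "kernel pool" */
static chunk_t *handles[SLOTS];   /* handle table: handle -> chunk, NULL if free */
static int      g_palette = -1;   /* handle of the attacker's sprayed object */
static int      g_last_rc;        /* return code of the last reset_dc call */

static void model_reset(void) {
    memset(pool, 0, sizeof pool);
    memset(handles, 0, sizeof handles);
    g_palette = -1;
}

/* First-fit allocator: a freed chunk is handed out again on the very next
 * allocation, which is exactly what a pool spray relies on. Returns a handle. */
static int obj_alloc(enum kind kind, const char *init) {
    for (int i = 0; i < SLOTS; i++) {
        if (pool[i].kind != FREE) continue;
        for (int h = 0; h < SLOTS; h++) {
            if (handles[h]) continue;
            pool[i].kind = kind;
            strncpy(pool[i].data, init, sizeof pool[i].data - 1);
            pool[i].data[sizeof pool[i].data - 1] = '\0';
            handles[h] = &pool[i];
            return h;
        }
        return -1;              /* out of handles */
    }
    return -1;                  /* out of pool */
}

static void obj_free(int h) {
    if (h < 0 || h >= SLOTS || !handles[h]) return;
    handles[h]->kind = FREE;
    handles[h] = NULL;
}

/* Handle -> DC object, or NULL if the handle no longer names a live DC. */
static chunk_t *dc_lookup(int h) {
    if (h < 0 || h >= SLOTS || !handles[h] || handles[h]->kind != KIND_DC) return NULL;
    return handles[h];
}

/* The user-mode callback made in the middle of the syscall; attacker-controlled. */
typedef void (*callback_fn)(int hdc);
static callback_fn g_callback;

/* Vulnerable shape: resolve the handle once, call out to user mode, then keep
 * using the cached pointer. */
static int reset_dc_vulnerable(int hdc, const char *newdev) {
    chunk_t *pdc = dc_lookup(hdc);
    if (!pdc) return -1;
    if (g_callback) g_callback(hdc);                    /* may free and reuse *pdc */
    strncpy(pdc->data, newdev, sizeof pdc->data - 1);   /* stale pointer write */
    return 0;
}

/* Hardened shape (assumed generic fix, not Microsoft's patch): re-resolve the
 * handle after the callback and fail closed if it no longer maps to the same
 * live DC. */
static int reset_dc_hardened(int hdc, const char *newdev) {
    chunk_t *pdc = dc_lookup(hdc);
    if (!pdc) return -1;
    if (g_callback) g_callback(hdc);
    if (dc_lookup(hdc) != pdc) return -2;               /* object changed under us */
    strncpy(pdc->data, newdev, sizeof pdc->data - 1);
    return 0;
}

/* Attacker's callback: destroy the DC being reset, then immediately allocate a
 * palette so it lands in the freed chunk (the spray the PoCs rely on). */
static void evil_callback(int hdc) {
    obj_free(hdc);
    g_palette = obj_alloc(KIND_PALETTE, "PALETTE");
}

/* Run one scenario. Returns 1 if the sprayed palette was corrupted by the
 * ResetDC write, 0 otherwise; the syscall's return code lands in g_last_rc. */
static int run(int (*reset_dc)(int, const char *)) {
    model_reset();
    g_callback = evil_callback;
    int hdc = obj_alloc(KIND_DC, "DISPLAY");
    g_last_rc = reset_dc(hdc, "ATTACKER");
    return g_palette >= 0 && strcmp(handles[g_palette]->data, "PALETTE") != 0;
}

int main(void) {
    int c = run(reset_dc_vulnerable);
    printf("vulnerable: rc=%d palette_corrupted=%d\n", g_last_rc, c);
    c = run(reset_dc_hardened);
    printf("hardened:   rc=%d palette_corrupted=%d\n", g_last_rc, c);
    return 0;
}
```

In the vulnerable path the write intended for the DC lands in the attacker's palette object that now occupies the same chunk, which is the controlled corruption a real exploit turns into a kernel read/write primitive; the hardened path notices the handle no longer resolves to the object it cached and refuses to touch it.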

Github Repositories

CVE-2021-40449-NtGdiResetDC-UAF: A PoC for CVE-2021-40449. Only tested on 1809; the code is a bit rough, but it was a good experience for me. Instead of using the ThreadName method, user-space memory allocation is used.

Redteam operation platform with webui (graphical red-team operation support platform)

Simplified Chinese | English. Viper is a graphical intranet penetration tool that modularises and weaponises the tactics and techniques commonly used during intranet penetration. Viper integrates basic functions such as AV evasion, intranet tunnelling, file management and a command line. Viper currently has 70+ integrated modules covering initial access, persistence, privilege escalation, defence evasion, credential access, discovery and lateral movement.

Some of my personal automation shell scripts.

Shell-Scripts: Some of my personal automation shell scripts. Details of all scripts: Sub-Enum.sh. Syntax --> ./Sub-Enum.sh <filename containing all domains>. This script takes a file containing all domains and enumerates subdomains for each of them using multiple tools such as Subfinder, Assetfinder and Amass. Then, after sorting them, it checks for alive subdomains a ...

HEVD && CVE Exploit

Kernel_Exploit (ASCII-art banner omitted)

Using CVE-2021-40449 to manual map kernel mode driver

voidmap: A very simple driver manual mapper that exploits CVE-2021-40449 to get an arbitrary function executed at a given address with a single given argument. It's based on the exploit PoC CallbackHell. Tested on Windows 10 Pro for Workstations 1809 17763.379 (64-bit), but realistically anything around that time should be supported. It does the following: Disables SMEP (and po ...

windows 10 14393 LPE

CVE-2021-40449-Exploit: only works on Windows 10 14393 and Windows 10 17763. Uses a Palette spray and RtlSetAllBits to write.

Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell: Exploit for CVE-2021-40449 (Win32k - LPE). Contents: Description, Technical Writeup, PoC, References. Description: CVE-2021-40449 is a use-after-free in Win32k that allows for local privilege escalation. The vulnerability was found in the wild by Kaspersky. The discovered exploit was written to support the following Windows products: Microsoft Windows Vista, Micr ...

Exploit for CVE-2021-40449

CVE-2021-40449: More info here: kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html. Compiling: I did a bit of a hack with the MinHook library so it supports (somewhat partially) the 2019 Platform Toolset; that's why I included the lib files with this repo. Windows Version Adapting: To adapt this repo to another Windows build you have to fix: ntoskrnl.exe gadgets o ...

Github Security Daily Repository.

Git-Daily: Github Security Daily Repository. GitHub has introduced a feature for grouping starred projects into lists, so this repo no longer needs to exist and updates have stopped. It was an attempt to record GitHub projects and add keywords to make them easier to search -- 20211126. github.com/busterb/msmailprobe: Office 365 and Exchange brute-forcing tool (Go). github.com/scareing/UAC_wenpon: contains several commonly used UAC bypass techniques, Win7-Win10, and also has a ...

Cybersecurity-Handbooks: Information Gathering. Table of Contents: Amass, Banner Grabbing, Common Ports, dmitry, DMARC, DNS, dnsenum, dnsrecon, Enyx, finger, MASSCAN, memcached, Naabu, netdiscover, NetBIOS, Nmap, onesixtyone, Outlook Web Access (OWA), Port Scanning, SMTP, SNMP, snmp-check, SNMP-MIBS-Downloader, snmpwalk, SPF, sslscan, sslyze, subfinder, tcpdump, Time To Live (TTL) and TCP Window Size Values

LPE exploit for a UAF in Windows (CVE-2021-40449).

CVE-2021-40449: My exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal. Short write-up: along with the UAF vulnerability, other primitives are used to make this exploit possible: leaking the exploit's access token address in ring0 via the NtQuerySystemInformation() function with the SystemHandleInformation parameter; using RtlSetAllBits() as a gad ...

Recent Articles

Updated MATA attacks industrial companies in Eastern Europe
Securelist • GReAT • 18 Oct 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an int...

Microsoft Patch Tuesday bug harvest festival comes to town
The Register • Thomas Claburn in San Francisco • 12 Oct 2021

With 71 new CVEs, there are patches enough for everyone

Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs dealt with earlier this month. Two of the fresh bugs are rated Critical, 68 are designated Important, and one is rated Low severity. Four among the overall October harvest have been publicly disclosed, including one from July, an Azure AD security feature bypass ...