# Windows CVEs for Privilege Escalation

## WindowsPrivilegeEscalation

> A collection of Windows privilege escalation vulnerabilities, each with links to analysis write-ups (Analyse), proof-of-concept code (PoC) and working exploits (Exp)
>
> Based on:
>
> * [PocOrExp\_in\_Github](https://github.com/ycdxsb/PocOrExp_in_Github/)
> * [KernelHub](https://github.com/Ascotbe/Kernelhub)
> * [Windows\_kernel\_exploits](https://github.com/SecWiki/windows-kernel-exploits)
> * [exploitdb](https://github.com/offensive-security/exploitdb/tree/master/exploits)

[PDF version](https://github.com/ycdxsb/WindowsPrivilegeEscalation/releases/download/20211223/README.pdf)

* [2021](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2021)
  * [CVE-2021-43883/CVE-2021-41379](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-43883cve-2021-41379)
  * [CVE-2021-43224](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-43224)
  * [CVE-2021-42278/CVE-2021-42287](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-42278cve-2021-42278)
  * [CVE-2021-40449](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-40449)
  * [CVE-2021-40444](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-40444)
  * [CVE-2021-38639](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-38639)
  * [CVE-2021-36934](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-36934)
  * [CVE-2021-34527](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-34527)
  * [CVE-2021-34486](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-34486)
  * [CVE-2021-33739](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-33739)
  * [CVE-2021-31956](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-31956)
  * [CVE-2021-28310](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-28310)
  * [CVE-2021-26868](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-26868)
  * [CVE-2021-24096](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-24096)
  * [CVE-2021-21551](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-21551)
  * [CVE-2021-1732](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2021-1732)
* [2020](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2020)
  * [CVE-2020-17087](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-17087)
  * [CVE-2020-17057](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-17057)
  * [CVE-2020-16898](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-16898)
  * [CVE-2020-1362](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1362)
  * [CVE-2020-1350](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1350)
  * [CVE-2020-1337](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1337)
  * [CVE-2020-1313](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1313)
  * [CVE-2020-1301](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1301)
  * [CVE-2020-1066](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1066)
  * [CVE-2020-1054](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1054)
  * [CVE-2020-1048](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1048)
  * [CVE-2020-1034](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1034)
  * [CVE-2020-1015](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-1015)
  * [CVE-2020-0883](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0883)
  * [CVE-2020-0814](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0814)
  * [CVE-2020-0796](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0796)
  * [CVE-2020-0787](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0787)
  * [CVE-2020-0754](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0754)
  * [CVE-2020-0753](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0753)
  * [CVE-2020-0683](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0683)
  * [CVE-2020-0668](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0668)
  * [CVE-2020-0624](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0624)
  * [CVE-2020-0610](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0610)
  * [CVE-2020-0609](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2020-0609)
* [2019](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2019)
  * [CVE-2019-1477](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1477)
  * [CVE-2019-1476](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1476)
  * [CVE-2019-1458](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1458)
  * [CVE-2019-1422](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1422)
  * [CVE-2019-1405](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1405)
  * [CVE-2019-1388](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1388)
  * [CVE-2019-1385](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1385)
  * [CVE-2019-1322](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1322)
  * [CVE-2019-1315](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1315)
  * [CVE-2019-1253](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1253)
  * [CVE-2019-1215](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1215)
  * [CVE-2019-1132](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1132)
  * [CVE-2019-1129/1130](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-11291130)
  * [CVE-2019-1064](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1064)
  * [CVE-2019-1040](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-1040)
  * [CVE-2019-0986](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-0986)
  * [CVE-2019-0863](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-0863)
  * [CVE-2019-0859](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-0859)
  * [CVE-2019-0803](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-0803)
  * [CVE-2019-0708](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-0708)
  * [CVE-2019-0623](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2019-0623)
* [2018](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2018)
  * [CVE-2018-8639](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-8639)
  * [CVE-2018-8453](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-8453)
  * [CVE-2018-8440](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-8440)
  * [CVE-2018-8414](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-8414)
  * [CVE-2018-8120](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-8120)
  * [CVE-2018-7249](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-7249)
  * [CVE-2018-1038](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-1038)
  * [CVE-2018-0886](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-0886)
  * [CVE-2018-0824](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2018-0824)
* [2017](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2017)
  * [CVE-2017-11783](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-11783)
  * [CVE-2017-8543](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-8543)
  * [CVE-2017-8465](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-8465)
  * [CVE-2017-8464](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-8464)
  * [CVE-2017-7269](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-7269)
  * [CVE-2017-0290](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-0290)
  * [CVE-2017-0263](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-0263)
  * [CVE-2017-0213](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-0213)
  * [CVE-2017-0143 (MS17-010)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-0143-ms17-010)
  * [CVE-2017-0101 (MS17-017)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-0101-ms17-017)
  * [CVE-2017-0100 (MS17-012)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-0100-ms17-012)
  * [CVE-2017-0005 (MS17-013)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2017-0005-ms17-013)
* [2016](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2016)
  * [CVE-2016-7255 (MS16-135)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-7255-ms16-135)
  * [CVE-2016-3371 (MS16-111)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-3371-ms16-111)
  * [CVE-2016-3308/3309 (MS16-098)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-33083309-ms16-098)
  * [CVE-2016-3225 (MS16-075)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-3225-ms16-075)
  * [CVE-2016-0099 (MS16-032)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-0099-ms16-032)
  * [CVE-2016-0095 (MS16-034)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-0095-ms16-034)
  * [CVE-2016-0051 (MS16-016)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-0051-ms16-016)
  * [CVE-2016-0041 (MS16-014)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2016-0041-ms16-014)
* [2015](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2015)
  * [CVE-2015-2546 (MS15-097)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-2546-ms15-097)
  * [CVE-2015-2387 (MS15-077)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-2387-ms15-077)
  * [CVE-2015-2370 (MS15-076)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-2370-ms15-076)
  * [CVE-2015-1726 (MS15-061)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-1726-ms15-061)
  * [CVE-2015-1701 (MS15-051)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-1701-ms15-051)
  * [CVE-2015-0062 (MS15-015)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-0062-ms15-015)
  * [CVE-2015-0057 (MS15-010)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-0057-ms15-010)
  * [CVE-2015-0003 (MS15-010)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-0003-ms15-010)
  * [CVE-2015-0002 (MS15-001)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2015-0002-ms15-001)
* [2014](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2014)
  * [CVE-2014-6324 (MS14-068)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2014-6324-ms14-068)
  * [CVE-2014-6321 (MS14-066)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2014-6321-ms14-066)
  * [CVE-2014-4113 (MS14-058)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2014-4113-ms14-058)
  * [CVE-2014-4076 (MS14-070)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2014-4076-ms14-070)
  * [CVE-2014-1767 (MS14-040)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2014-1767-ms14-040)
* [2013](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2013)
  * [CVE-2013-5065 (MS14-002)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2013-5065-ms14-002)
  * [CVE-2013-1345 (MS13-053)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2013-1345-ms13-053)
  * [CVE-2013-1332 (MS13-046)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2013-1332-ms13-046)
  * [CVE-2013-1300 (MS13-053)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2013-1300-ms13-053)
  * [CVE-2013-0008 (MS13-005)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2013-0008-ms13-005)
* [2012](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2012)
  * [CVE-2012-0217 (MS12-042)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2012-0217-ms12-042)
  * [CVE-2012-0152 (MS12-020)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2012-0152-ms12-020)
  * [CVE-2012-0002 (MS12-020)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2012-0002-ms12-020)
* [2011](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2011)
  * [CVE-2011-2005 (MS11-080)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2011-2005-ms11-080)
  * [CVE-2011-1974 (MS11-062)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2011-1974-ms11-062)
  * [CVE-2011-1249 (MS11-046)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2011-1249-ms11-046)
  * [CVE-2011-1237 (MS11-034)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2011-1237-ms11-034)
  * [CVE-2011-0045 (MS11-011)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2011-0045-ms11-011)
* [2010](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2010)
  * [CVE-2010-3338 (MS10-092)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-3338-ms10-092)
  * [CVE-2010-2730 (MS10-065)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-2730-ms10-065)
  * [CVE-2010-2554 (MS10-059)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-2554-ms10-059)
  * [CVE-2010-1897 (MS10-048)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-1897-ms10-048)
  * [CVE-2010-1887 (MS10-048)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-1887-ms10-048)
  * [CVE-2010-0270 (MS10-020)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-0270-ms10-020)
  * [CVE-2010-0233 (MS10-015)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-0233-ms10-015)
  * [CVE-2010-0020 (MS10-012)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2010-0020-ms10-012)
* [2009](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2009)
  * [CVE-2009-2532 (MS09-050)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2009-2532-ms09-050)
  * [CVE-2009-1535 (MS09-020)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2009-1535-ms09-020)
  * [CVE-2009-0229 (MS09-022)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2009-0229-ms09-022)
  * [CVE-2009-0079 (MS09-012)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2009-0079-ms09-012)
* [2008](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2008)
  * [CVE-2008-4250 (MS08-067)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2008-4250-ms08-067)
  * [CVE-2008-4037 (MS08-068)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2008-4037-ms08-068)
  * [CVE-2008-3464 (MS08-066)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2008-3464-ms08-066)
  * [CVE-2008-1084 (MS08-025)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2008-1084-ms08-025)
* [2007](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2007)
  * [CVE-2007-0843](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2007-0843)
  * [CVE-2007-0038](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2007-0038)
* [2006](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2006)
  * [CVE-2006-3439 (MS06-040)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2006-3439-ms06-040)
* [2005](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2005)
  * [CVE-2005-1983 (MS05-039)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2005-1983-ms05-039)
* [2003](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2003)
  * [CVE-2003-0352 (MS03-026)](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2003-0352-ms03-026)
* [2000](https://github.com/ycdxsb/WindowsPrivilegeEscalation#2000)
  * [CVE-2000-0979](https://github.com/ycdxsb/WindowsPrivilegeEscalation#cve-2000-0979)

## 2021

### CVE-2021-43883/CVE-2021-41379

> Windows Installer Elevation of Privilege Vulnerability. CVE-2021-43883 is the fix for the bypass of the incomplete CVE-2021-41379 patch; the InstallerFileTakeOver PoC was published as a zero-day against systems that already had the CVE-2021-41379 update installed.

* **Analyse**
  * <https://attackerkb.com/topics/7LstI2clmF/cve-2021-41379/rapid7-analysis>
* **Exp**
  * <https://github.com/klinix5/InstallerFileTakeOver>
  * <https://github.com/jbaines-r7/shakeitoff>

### CVE-2021-43224

> Windows Common Log File System Driver Information Disclosure Vulnerability (a kernel information leak rather than an EoP on its own; listed here because such leaks are used to defeat KASLR when chaining a kernel privilege escalation)

* **PoC**
  * <https://github.com/KaLendsi/CVE-2021-43224-POC>

### CVE-2021-42278/CVE-2021-42287

> Active Directory Domain Services Elevation of Privilege Vulnerability. CVE-2021-42278 allows a computer account to be given a sAMAccountName without the trailing `$`; CVE-2021-42287 makes the KDC append `$` and retry when the name in a TGT is not found during a TGS request, so an attacker-controlled machine account renamed to a domain controller's name obtains a service ticket carrying the DC's identity. The pair is commonly called noPac (also sam-the-admin).

* **Analyse**
  * <https://xz.aliyun.com/t/10666>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub>
  * <https://github.com/cube0x0/noPac>
  * <https://github.com/WazeHell/sam-the-admin>
  * <https://github.com/ly4k/Pachine>
  * <https://github.com/Ridter/noPac>
  * <https://github.com/waterrr/noPac>

### CVE-2021-40449

> Win32k Elevation of Privilege Vulnerability (use-after-free in the NtGdiResetDC user-mode callback path; exploited in the wild in the campaign Kaspersky reported as MysterySnail). This CVE ID is unique from CVE-2021-40450 and CVE-2021-41357.

* **Analyse**
  * <https://www.secrss.com/articles/35266>
  * <https://bbs.pediy.com/thread-269930.htm>
  * <https://www.freebuf.com/articles/paper/292528.html>
* **PoC**
  * <https://github.com/ly4k/CallbackHell>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub>
  * <https://github.com/KaLendsi/CVE-2021-40449-Exploit>
  * <https://github.com/hakivvi/CVE-2021-40449>

### CVE-2021-40444

> Microsoft MSHTML Remote Code Execution Vulnerability

* **Analyse**
  * <https://paper.seebug.org/1718/>
  * <https://bbs.pediy.com/thread-270017.htm>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub>
  * <https://github.com/lockedbyte/CVE-2021-40444>
  * <https://github.com/klezVirus/CVE-2021-40444>

### CVE-2021-38639

> Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36975.

* **PoC**
  * <https://github.com/DarkSprings/CVE-2021-38639>

### CVE-2021-36934

> Windows Elevation of Privilege Vulnerability

* **Analyse**
  * <https://www.jianshu.com/p/979ea7a93531>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub>
  * <https://github.com/cube0x0/CVE-2021-36934>
  * <https://github.com/HuskyHacks/ShadowSteal>

### CVE-2021-34527

> Windows Print Spooler Remote Code Execution Vulnerability

* **Analyse**
* **PoC**
  * <https://github.com/byt3bl33d3r/ItWasAllADream>
* **Exp**
  * <https://github.com/JohnHammond/CVE-2021-34527>
  * <https://github.com/BeetleChunks/SpoolSploit>
  * <https://github.com/ly4k/PrintNightmare>
  * <https://github.com/nemo-wq/PrintNightmare-CVE-2021-34527>

### CVE-2021-34486

> Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26425 and CVE-2021-34487.

* **Analyse**
  * <https://www.pixiepointsecurity.com/blog/advisory-cve-2021-34486.html>
* **Exp**
  * <https://github.com/KaLendsi/CVE-2021-34486>
  * <https://github.com/b1tg/CVE-2021-34486-exp>

### CVE-2021-33739

> Microsoft DWM Core Library Elevation of Privilege Vulnerability

* **Analyse**
  * <https://www.cnblogs.com/zUotTe0/p/15227947.html>
  * <https://zhuanlan.zhihu.com/p/384636717>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub>
  * <https://github.com/giwon9977/CVE-2021-33739_PoC>
  * <https://github.com/freeide2017/CVE-2021-33739-POC>

### CVE-2021-31956

> Windows NTFS Elevation of Privilege Vulnerability

* **Analyse**
  * <https://research.nccgroup.com/2021/07/15/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-1/>
  * <https://research.nccgroup.com/2021/08/17/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-2/>

### CVE-2021-28310

> Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-27072.

* **Analyse**
  * <https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/>

### CVE-2021-26868

> Windows Graphics Component Elevation of Privilege Vulnerability

* **Analyse**
  * <https://zhuanlan.zhihu.com/p/384636717>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub>
  * <https://github.com/KangD1W2/CVE-2021-26868>

### CVE-2021-24096

> Windows Kernel Elevation of Privilege Vulnerability

* **PoC**
  * <https://github.com/FunPhishing/CVE-2021-24096>

### CVE-2021-21551

> Dell dbutil\_2\_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

* **Analyse**
  * <https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/>
* **Exp**
  * <https://github.com/waldo-irc/CVE-2021-21551>

### CVE-2021-1732

> Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1698.

* **Analyse**
  * <https://www.freebuf.com/vuls/270295.html>
  * <https://021w.github.io/2021/03/12/CVE-2021-1732Win32kfull-sys%E5%86%85%E6%A0%B8%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/>
  * <https://laptrinhx.com/shen-ru-pou-xicve-2021-1732lou-dong-1153028117/>
  * <https://bbs.pediy.com/thread-266362.htm>
  * <https://www.secrss.com/articles/29758>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2021-1732>
  * <https://github.com/KaLendsi/CVE-2021-1732-Exploit>
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2021-1732>
  * <https://github.com/k-k-k-k-k/CVE-2021-1732>
  * <https://github.com/jessica0f0116/cve_2021_1732>
  * <https://github.com/oneoy/CVE-2021-1732-Exploit>

## 2020

### CVE-2020-17087

> Windows Kernel Local Elevation of Privilege Vulnerability

* **Analyse**
  * <https://blog.csdn.net/weixin_43815930/article/details/114123728>
  * <https://www.anquanke.com/post/id/221964>
* **PoC**
  * <https://github.com/Ascotbe/Kernelhub/CVE-2020-17087>
  * <https://github.com/TinToSer/CVE2020-17087>
  * <https://github.com/revengsh/CVE-2020-17087>

### CVE-2020-17057

> Windows Win32k Elevation of Privilege Vulnerability

* **Analyse**
  * <https://blogs.360.cn/post/CVE-2020-17057%20detail%20and%20exploit.html>
* **PoC**
  * <https://github.com/ze0r/cve-2020-17057>
  * <https://github.com/lsw29475/CVE-2020-17057>

### CVE-2020-16898

> A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability'.

* **Analyse**
  * <https://www.anquanke.com/post/id/220862>
  * <https://bestwing.me/CVE-2020-15898-analysis.html>
  * <http://www.v4ler1an.com/2020/10/cve-2020-16898/>
  * <https://cert.360.cn/report/detail?id=771d8ddc2d703071d5761b6a2b139793>
* **PoC**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2020-16898>
  * <https://github.com/advanced-threat-research/CVE-2020-16898>
  * <https://github.com/0xeb-bp/cve-2020-16898>
  * <https://github.com/ZephrFish/CVE-2020-16898>
  * <https://github.com/momika233/CVE-2020-16898-exp>
  * <https://github.com/corelight/CVE-2020-16898>
  * <https://github.com/komomon/CVE-2020-16898--EXP-POC>
  * <https://github.com/jiansiting/cve-2020-16898>
  * <https://github.com/komomon/CVE-2020-16898-EXP-POC>
  * <https://github.com/Maliek/CVE-2020-16898_Check>
  * <https://github.com/initconf/CVE-2020-16898-Bad-Neighbor>
  * <https://github.com/CPO-EH/CVE-2020-16898_Checker>
  * <https://github.com/esnet-security/cve-2020-16898>
  * <https://github.com/Q1984/CVE-2020-16898>

### CVE-2020-1362

> An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369.

* **Analyse**
  * <https://paper.seebug.org/1276/>
  * <https://www.023niu.com/show-62-811-1.html>
  * <https://blog.csdn.net/gental_z/article/details/107937110>
* **Exp**
  * <https://github.com/Q4n/CVE-2020-1362>
  * <https://github.com/Al1ex/WindowsElevation>

### CVE-2020-1350

> A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

* **Analyse**
  * <https://saturn35.com/2020/07/24/20200724-1/>
  * <https://www.anquanke.com/post/id/210812>
  * <https://cert.360.cn/report/detail?id=5b7082dae4756f361d43a5efde233ed>
* **PoC**
  * <https://github.com/ZephrFish/CVE-2020-1350>
  * <https://github.com/maxpl0it/CVE-2020-1350-DoS>
  * <https://github.com/tinkersec/cve-2020-1350>
  * <https://github.com/psc4re/NSE-scripts>
  * <https://github.com/captainGeech42/CVE-2020-1350>
  * <https://github.com/T13nn3s/CVE-2020-1350>
  * <https://github.com/corelight/SIGRed>
  * <https://github.com/connormcgarr/CVE-2020-1350>
  * <https://github.com/zoomerxsec/Fake_CVE-2020-1350>
  * <https://github.com/graph-inc/CVE-2020-1350>
  * <https://github.com/Plazmaz/CVE-2020-1350-poc>
  * <https://github.com/simeononsecurity/CVE-2020-1350-Fix>
  * <https://github.com/CVEmaster/CVE-2020-1350>
  * <https://github.com/gdwnet/cve-2020-1350>
  * <https://github.com/Secuora-Org/CVE-2020-1350-checker.ps1>
  * <https://github.com/jmaddington/dRMM-CVE-2020-1350-response> : [![starts](https://camo.githubusercontent.com/a4ba38d9aa37de241ab580ac58b5832ee83cd2b19074d50e6acce05cfaf06c79/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a6d616464696e67746f6e2f64524d4d2d4356452d323032302d313335302d726573706f6e73652e737667)](https://camo.githubusercontent.com/a4ba38d9aa37de241ab580ac58b5832ee83cd2b19074d50e6acce05cfaf06c79/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a6d616464696e67746f6e2f64524d4d2d4356452d323032302d313335302d726573706f6e73652e737667) [![forks](https://camo.githubusercontent.com/59fc95151bec71a8f18e4cfb490308246b38ac09d871aae9b8d533373c8fd4da/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6a6d616464696e67746f6e2f64524d4d2d4356452d323032302d313335302d726573706f6e73652e737667)](https://camo.githubusercontent.com/59fc95151bec71a8f18e4cfb490308246b38ac09d871aae9b8d533373c8fd4da/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6a6d616464696e67746f6e2f64524d4d2d4356452d323032302d313335302d726573706f6e73652e737667)

### CVE-2020-1337

> An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://bbs.pediy.com/thread-261557.htm>
* **Exp**
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2020-1337> : ![stars](https://img.shields.io/github/stars/Al1ex/WindowsElevation.svg) ![forks](https://img.shields.io/github/forks/Al1ex/WindowsElevation.svg)
  * <https://github.com/sailay1996/cve-2020-1337-poc> : ![stars](https://img.shields.io/github/stars/sailay1996/cve-2020-1337-poc.svg) ![forks](https://img.shields.io/github/forks/sailay1996/cve-2020-1337-poc.svg)
  * <https://github.com/math1as/CVE-2020-1337-exploit> : ![stars](https://img.shields.io/github/stars/math1as/CVE-2020-1337-exploit.svg) ![forks](https://img.shields.io/github/forks/math1as/CVE-2020-1337-exploit.svg)
  * <https://github.com/neofito/CVE-2020-1337> : ![stars](https://img.shields.io/github/stars/neofito/CVE-2020-1337.svg) ![forks](https://img.shields.io/github/forks/neofito/CVE-2020-1337.svg)
  * <https://github.com/password520/cve-2020-1337-poc> : ![stars](https://img.shields.io/github/stars/password520/cve-2020-1337-poc.svg) ![forks](https://img.shields.io/github/forks/password520/cve-2020-1337-poc.svg)

### CVE-2020-1313

> An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://cloud.tencent.com/developer/article/1683124>
* **PoC**
  * <https://github.com/irsl/CVE-2020-1313> : ![stars](https://img.shields.io/github/stars/irsl/CVE-2020-1313.svg) ![forks](https://img.shields.io/github/forks/irsl/CVE-2020-1313.svg)

### CVE-2020-1301

> A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

* **Analyse**
  * <https://bbs.pediy.com/thread-260339.htm>
  * <https://s.tencent.com/research/bsafe/1007.html>
  * <https://airbus-cyber-security.com/diving-into-the-smblost-vulnerability-cve-2020-1301/>
* **PoC**
  * <https://github.com/shubham0d/CVE-2020-1301> : ![stars](https://img.shields.io/github/stars/shubham0d/CVE-2020-1301.svg) ![forks](https://img.shields.io/github/forks/shubham0d/CVE-2020-1301.svg)

### CVE-2020-1066

> An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects, aka '.NET Framework Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://www.anquanke.com/post/id/205105>
  * <https://blog.csdn.net/qq_37353105/article/details/114481214>
* **Exp**
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2020-1066> : ![stars](https://img.shields.io/github/stars/Al1ex/WindowsElevation.svg) ![forks](https://img.shields.io/github/forks/Al1ex/WindowsElevation.svg)
  * <https://github.com/cbwang505/CVE-2020-1066-EXP> : ![stars](https://img.shields.io/github/stars/cbwang505/CVE-2020-1066-EXP.svg) ![forks](https://img.shields.io/github/forks/cbwang505/CVE-2020-1066-EXP.svg)
  * <https://github.com/xyddnljydd/cve-2020-1066> : ![stars](https://img.shields.io/github/stars/xyddnljydd/cve-2020-1066.svg) ![forks](https://img.shields.io/github/forks/xyddnljydd/cve-2020-1066.svg)

### CVE-2020-1054

> An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.

* **Analyse**
  * <https://www.anquanke.com/post/id/209329>
  * <https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458334073&idx=1&sn=d8ffd415a148aac507b0173eb906badb&chksm=b18003f386f78ae5c76971e993f42409a0c22fd52468949bf08436469e7456f4cc836ab9ba71&scene=21>
  * <https://bbs.pediy.com/thread-260884.htm>
* **Exp**
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2020-1054> : ![stars](https://img.shields.io/github/stars/Al1ex/WindowsElevation.svg) ![forks](https://img.shields.io/github/forks/Al1ex/WindowsElevation.svg)
  * <https://github.com/0xeb-bp/cve-2020-1054> : ![stars](https://img.shields.io/github/stars/0xeb-bp/cve-2020-1054.svg) ![forks](https://img.shields.io/github/forks/0xeb-bp/cve-2020-1054.svg)
  * <https://github.com/KaLendsi/CVE-2020-1054> : ![stars](https://img.shields.io/github/stars/KaLendsi/CVE-2020-1054.svg) ![forks](https://img.shields.io/github/forks/KaLendsi/CVE-2020-1054.svg)
  * <https://github.com/Iamgublin/CVE-2020-1054> : ![stars](https://img.shields.io/github/stars/Iamgublin/CVE-2020-1054.svg) ![forks](https://img.shields.io/github/forks/Iamgublin/CVE-2020-1054.svg)
  * <https://github.com/Graham382/CVE-2020-1054> : ![stars](https://img.shields.io/github/stars/Graham382/CVE-2020-1054.svg) ![forks](https://img.shields.io/github/forks/Graham382/CVE-2020-1054.svg)

### CVE-2020-1048

> An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.

* **Analyse**
  * <https://zhuanlan.kanxue.com/article-11214.htm>
  * <https://www.anquanke.com/post/id/222730>
  * <https://bbs.pediy.com/thread-261557.htm>
* **Exp**
  * <https://github.com/neofito/CVE-2020-1337> : ![stars](https://img.shields.io/github/stars/neofito/CVE-2020-1337.svg) ![forks](https://img.shields.io/github/forks/neofito/CVE-2020-1337.svg)
  * <https://github.com/shubham0d/CVE-2020-1048> : ![stars](https://img.shields.io/github/stars/shubham0d/CVE-2020-1048.svg) ![forks](https://img.shields.io/github/forks/shubham0d/CVE-2020-1048.svg)
  * <https://github.com/Ken-Abruzzi/CVE-2020-1048> : ![stars](https://img.shields.io/github/stars/Ken-Abruzzi/CVE-2020-1048.svg) ![forks](https://img.shields.io/github/forks/Ken-Abruzzi/CVE-2020-1048.svg)

### CVE-2020-1034

> An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less>
  * <https://windows-internals.com/exploiting-a-simple-vulnerability-part-1-5-the-info-leak/>
  * <https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/>
  * <https://cloud.tencent.com/developer/article/1750818>
  * <https://www.4hou.com/posts/Np4N>
  * <https://www.anquanke.com/post/id/223724>
* **PoC**
  * <https://github.com/yardenshafir/CVE-2020-1034> : ![stars](https://img.shields.io/github/stars/yardenshafir/CVE-2020-1034.svg) ![forks](https://img.shields.io/github/forks/yardenshafir/CVE-2020-1034.svg)

### CVE-2020-1015

> An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1011.

* **Analyse**
  * <https://0xeb-bp.com/blog/2020/05/12/cve-2020-1015-analysis.html>
  * <https://www.anquanke.com/post/id/217526>
* **PoC**
  * <https://github.com/0xeb-bp/cve-2020-1015> : ![stars](https://img.shields.io/github/stars/0xeb-bp/cve-2020-1015.svg) ![forks](https://img.shields.io/github/forks/0xeb-bp/cve-2020-1015.svg)

### CVE-2020-0883

> A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881.

* **Exp**
  * <https://github.com/syadg123/CVE-2020-0883> : ![stars](https://img.shields.io/github/stars/syadg123/CVE-2020-0883.svg) ![forks](https://img.shields.io/github/forks/syadg123/CVE-2020-0883.svg)
  * <https://github.com/thelostworldFree/CVE-2020-0883> : ![stars](https://img.shields.io/github/stars/thelostworldFree/CVE-2020-0883.svg) ![forks](https://img.shields.io/github/forks/thelostworldFree/CVE-2020-0883.svg)

### CVE-2020-0814

> An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843.

* **Exp**
  * <https://github.com/klinix5/CVE-2020-0814> : ![stars](https://img.shields.io/github/stars/klinix5/CVE-2020-0814.svg) ![forks](https://img.shields.io/github/forks/klinix5/CVE-2020-0814.svg)

### CVE-2020-0796

> A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

* **Analyse**
  * <https://paper.seebug.org/1168/>
  * <https://www.freebuf.com/column/230770.html>
  * <https://jcxp.github.io/2020/03/31/CVE-2020-0796-SMB%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/>
  * <https://www.cnblogs.com/potatsoSec/p/12484973.html>
  * <https://blog.csdn.net/RatOnSea/article/details/106399450>
  * <https://blogs.360.cn/post/CVE-2020-0796.html>
  * <https://zhuanlan.zhihu.com/p/133460472>
* **PoC**
  * <https://github.com/eerykitty/CVE-2020-0796-PoC>
  * <https://github.com/psc4re/NSE-scripts>
  * <https://github.com/claroty/CVE2020-0796>
  * <https://github.com/ioncodes/SMBGhost>
  * <https://github.com/jiansiting/CVE-2020-0796>
  * <https://github.com/k8gege/PyLadon>
  * <https://github.com/T13nn3s/CVE-2020-0796>
  * <https://github.com/ZecOps/SMBGhost-SMBleed-scanner>
  * <https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC>
  * <https://github.com/Aekras1a/CVE-2020-0796-PoC>
  * <https://github.com/GuoKerS/aioScan_CVE-2020-0796>
  * <https://github.com/joaozietolie/CVE-2020-0796-Checker>
  * <https://github.com/gabimarti/SMBScanner>
  * <https://github.com/w1ld3r/SMBGhost_Scanner>
  * <https://github.com/dickens88/cve-2020-0796-scanner>
  * <https://github.com/jiansiting/CVE-2020-0796-Scanner>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2020-0796>
  * <https://github.com/danigargu/CVE-2020-0796>
  * <https://github.com/ollypwn/SMBGhost>
  * <https://github.com/ZecOps/CVE-2020-0796-RCE-POC>
  * <https://github.com/ZecOps/CVE-2020-0796-LPE-POC>
  * <https://github.com/Barriuso/SMBGhost_AutomateExploitation>
  * <https://github.com/Rvn0xsy/CVE_2020_0796_CNA>
  * <https://github.com/rsmudge/CVE-2020-0796-BOF>
  * <https://github.com/eastmountyxz/CVE-2020-0796-SMB>
  * <https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module>
  * <https://github.com/f1tz/CVE-2020-0796-LPE-EXP>
  * <https://github.com/thelostworldFree/CVE-2020-0796>

### CVE-2020-0787

> An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://f5.pm/go-28382.html>
  * <https://itm4n.github.io/cve-2020-0787-windows-bits-eop/>
  * <https://xz.aliyun.com/t/7935>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2020-0787>
  * <https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION>
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2020-0787>

### CVE-2020-0754

> An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0753.

* **Exp**
  * <https://github.com/afang5472/CVE-2020-0753-and-CVE-2020-0754>

### CVE-2020-0753

> An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0754.

* **Exp**
  * <https://github.com/afang5472/CVE-2020-0753-and-CVE-2020-0754>

### CVE-2020-0683

> An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.

* **Exp**
  * <https://github.com/padovah4ck/CVE-2020-0683>
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2020-0683>

### CVE-2020-0668

> An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.

* **Analyse**
  * <https://www.anquanke.com/post/id/199011>
  * <https://www.freebuf.com/vuls/227557.html>
  * <https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop/>
* **PoC**
  * <https://github.com/itm4n/SysTracingPoc>
* **Exp**
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2020-0668>
  * <https://github.com/RedCursorSecurityConsulting/CVE-2020-0668>
  * <https://github.com/Nan3r/CVE-2020-0668>

### CVE-2020-0624

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642.

* **Analyse**
  * <https://bbs.pediy.com/thread-260605.htm>
  * <https://www.sec-wiki.com/news/28042>
  * <https://mp.weixin.qq.com/s/GHiTqWlxisyVWxVHcACpvg>
* **PoC**
  * <https://github.com/james0x40/CVE-2020-0624>

### CVE-2020-0610

> A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.

* **Analyse**
  * <https://www.4hou.com/posts/mMpn>
  * <https://www.023niu.com/show-62-552-1.html>
* **PoC**
  * <https://github.com/ollypwn/BlueGate>
  * <https://github.com/ioncodes/BlueGate>
  * <https://github.com/MalwareTech/RDGScanner>
  * <https://github.com/2d4d/rdg_scanner_cve-2020-0609>

### CVE-2020-0609

> A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.

* **Analyse**
  * <https://www.4hou.com/posts/mMpn>
  * <https://www.023niu.com/show-62-552-1.html>
* **PoC**
  * <https://github.com/ollypwn/BlueGate>
  * <https://github.com/ioncodes/BlueGate>
  * <https://github.com/MalwareTech/RDGScanner>
  * <https://github.com/2d4d/rdg_scanner_cve-2020-0609>
  * <https://github.com/Archi73ct/CVE-2020-0609>

## 2019

### CVE-2019-1477

> An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.

* **PoC**
  * <https://github.com/intellee/CVE-2019-1477>

### CVE-2019-1476

> An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.

* **Exp**
  * <https://github.com/sgabe/CVE-2019-1476>

### CVE-2019-1458

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://github.com/piotrflorczyk/cve-2019-1458_POC>
  * <https://bbs.pediy.com/thread-260268.htm>
  * <https://thunderjie.github.io/2020/03/21/CVE-2019-1458-%E4%BB%8E-%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A-%E5%88%B0POC%E7%9A%84%E7%BC%96%E5%86%99%E8%BF%87%E7%A8%8B/>
* **PoC**
  * <https://github.com/piotrflorczyk/cve-2019-1458_POC>
  * <https://github.com/DreamoneOnly/CVE-2019-1458-malware>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2019-1458>
  * <https://github.com/unamer/CVE-2019-1458>

### CVE-2019-1422

> An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423.

* **Exp**
  * <https://github.com/ze0r/cve-2019-1422>

### CVE-2019-1405

> An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/>
  * <https://www.anquanke.com/post/id/193022>
  * <https://nosec.org/m/share/3177.html>
* **Exp**
  * <https://github.com/apt69/COMahawk>
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2019-1405>

### CVE-2019-1388

> An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

* **Analyse**
  * <http://blog.leanote.com/post/snowming/38069f423c76>
  * <https://mp.weixin.qq.com/s/q4UICIVwC4HX-ytvWo8Dvw>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2019-1388>
  * <https://github.com/jas502n/CVE-2019-1388>
  * <https://github.com/sv3nbeast/CVE-2019-1388>
  * <https://github.com/jaychouzzk/CVE-2019-1388>

### CVE-2019-1385

> An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

* **Exp**
  * <https://github.com/klinix5/CVE-2019-1385>
  * <https://github.com/0x413x4/CVE-2019-1385>

### CVE-2019-1322

> An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.

* **Analyse**
  * <https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/>
  * <https://www.anquanke.com/post/id/193022>
  * <https://nosec.org/m/share/3177.html>
* **Exp**
  * <https://github.com/apt69/COMahawk>

### CVE-2019-1315

> An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

* **Analyse**
  * <https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html>
  * <https://nosec.org/home/detail/3027.html>
* **PoC**
  * <https://github.com/Mayter/CVE-2019-1315>

### CVE-2019-1253

> An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.

* **Exp**
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2019-1253>
  * <https://github.com/padovah4ck/CVE-2019-1253>
  * <https://github.com/rogue-kdc/CVE-2019-1253>
  * <https://github.com/sgabe/CVE-2019-1253>
  * <https://github.com/likescam/CVE-2019-1253>

### CVE-2019-1215

> An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.

* **Analyse**
  * <https://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/>
  * <https://bbs.pediy.com/thread-257435.htm>
  * <https://www.freebuf.com/vuls/226167.html>
  * <https://www.163.com/dy/article/FQBEHKLS0511CJ6O.html>
  * <https://saturn35.com/2020/01/09/20200109-1/>
  * <https://day.fujieace.com/security-research/600.html>
* **Exp**
  * <https://github.com/bluefrostsecurity/CVE-2019-1215>

### CVE-2019-1132

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://zhuanlan.zhihu.com/p/335166796>
  * <https://ti.qianxin.com/blog/articles/buhtrap-cve-2019-1132-attack-event-related-vulnerability-sample-analysis/>
  * <https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/>
  * <https://www.anquanke.com/post/id/181794>
* **Exp**
  * <https://github.com/Vlad-tri/CVE-2019-1132>
  * <https://github.com/petercc/CVE-2019-1132>

### CVE-2019-1129/1130

> An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.

* **Exp**
  * <https://github.com/S3cur3Th1sSh1t/SharpByeBear>

### CVE-2019-1064

> An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.

* **Analyse**
  * <http://cn-sec.com/archives/74164.html>
* **PoC**
  * <https://github.com/RythmStick/CVE-2019-1064>
  * <https://github.com/0x00-0x00/CVE-2019-1064>

### CVE-2019-1040

> A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.

* **Analyse**
  * <https://bbs.pediy.com/thread-252018.htm>
  * <https://zhuanlan.zhihu.com/p/345406848>
* **PoC**
  * <https://github.com/fox-it/cve-2019-1040-scanner>
  * <https://github.com/lazaars/UltraRealy_with_CVE-2019-1040>
* **Exp**
  * <https://github.com/Ridter/CVE-2019-1040>
  * <https://github.com/QAX-A-Team/dcpwn>
  * <https://github.com/Ridter/CVE-2019-1040-dcpwn>
  * <https://github.com/wzxmt/CVE-2019-1040>

### CVE-2019-0986

> An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.

* **PoC**
  * <https://github.com/padovah4ck/CVE-2019-0986>

### CVE-2019-0863

> An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://xz.aliyun.com/t/5571>
  * <https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-day-cve-2019-0863/>
  * <https://www.anquanke.com/post/id/181457>
* **Exp**
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2019-0863/WerTrigger-master>
  * <https://github.com/sailay1996/WerTrigger>

### CVE-2019-0859

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.

* **Analyse**
  * <https://www.secrss.com/articles/9942>
  * <https://blog.csdn.net/blackorbird/article/details/102462546>
  * <https://www.4hou.com/posts/3jRO>
  * <https://nosec.org/home/detail/2490.html>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2019-0859>
  * <https://github.com/Sheisback/CVE-2019-0859-1day-Exploit>

### CVE-2019-0803

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.

* **Analyse**
  * <https://bbs.pediy.com/thread-260289.htm>
  * <https://www.jianshu.com/p/91e0f79f36eb>
  * <https://zhuanlan.zhihu.com/p/62520006>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2019-0803> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2019-0803> : [![stars](https://camo.githubusercontent.com/f5e951a5f0f70e5755515dd398d20bc3405217920ddde4dda62d6476ccc7864a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f416c3165782f57696e646f7773456c65766174696f6e2e737667)](https://camo.githubusercontent.com/f5e951a5f0f70e5755515dd398d20bc3405217920ddde4dda62d6476ccc7864a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f416c3165782f57696e646f7773456c65766174696f6e2e737667) [![forks](https://camo.githubusercontent.com/33b0e2fb974a4b99652ef4c7bf65916728babb8fb582826d40383a57b37d866b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f416c3165782f57696e646f7773456c65766174696f6e2e737667)](https://camo.githubusercontent.com/33b0e2fb974a4b99652ef4c7bf65916728babb8fb582826d40383a57b37d866b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f416c3165782f57696e646f7773456c65766174696f6e2e737667)
  * <https://github.com/ExpLife0011/CVE-2019-0803> : [![stars](https://camo.githubusercontent.com/fbc047a9ee77f7721730471f0c17dba79637a3f9189e460f327c7a279f27902c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4578704c696665303031312f4356452d323031392d303830332e737667)](https://camo.githubusercontent.com/fbc047a9ee77f7721730471f0c17dba79637a3f9189e460f327c7a279f27902c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4578704c696665303031312f4356452d323031392d303830332e737667) [![forks](https://camo.githubusercontent.com/5adc75cc5d20f600ccd17a87fa6adb19f5ede4c039876c25a5d3a19479f7bd08/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4578704c696665303031312f4356452d323031392d303830332e737667)](https://camo.githubusercontent.com/5adc75cc5d20f600ccd17a87fa6adb19f5ede4c039876c25a5d3a19479f7bd08/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4578704c696665303031312f4356452d323031392d303830332e737667)

### CVE-2019-0708

> A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

* **Analyse**
  * <https://xz.aliyun.com/t/5243>
  * <https://bbs.pediy.com/thread-256734.htm>
  * <https://www.anquanke.com/post/id/178964>
  * <https://www.cnblogs.com/backlion/p/11482322.html>
* **PoC**
  * <https://github.com/Ekultek/BlueKeep> : [![stars](https://camo.githubusercontent.com/116c38c3b7e4cd3392dc801c2394716cc46a728e461e839ebbced33b7ba7573b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f456b756c74656b2f426c75654b6565702e737667)](https://camo.githubusercontent.com/116c38c3b7e4cd3392dc801c2394716cc46a728e461e839ebbced33b7ba7573b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f456b756c74656b2f426c75654b6565702e737667) [![forks](https://camo.githubusercontent.com/1cd5b6dc340574107de8681697db1e9e9fcccfd5aa749fb27961713c5a346332/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f456b756c74656b2f426c75654b6565702e737667)](https://camo.githubusercontent.com/1cd5b6dc340574107de8681697db1e9e9fcccfd5aa749fb27961713c5a346332/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f456b756c74656b2f426c75654b6565702e737667)
  * <https://github.com/zerosum0x0/CVE-2019-0708> : [![stars](https://camo.githubusercontent.com/be342f507738d287378e530d64e417c3b03261114f68a9e9fa03d2d758f81148/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a65726f73756d3078302f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/be342f507738d287378e530d64e417c3b03261114f68a9e9fa03d2d758f81148/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a65726f73756d3078302f4356452d323031392d303730382e737667) [![forks](https://camo.githubusercontent.com/a4b1baf61759bc25d5675644e548218af038c1fab81887d74d032b83de89f3ec/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7a65726f73756d3078302f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/a4b1baf61759bc25d5675644e548218af038c1fab81887d74d032b83de89f3ec/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7a65726f73756d3078302f4356452d323031392d303730382e737667)
  * <https://github.com/robertdavidgraham/rdpscan> : [![stars](https://camo.githubusercontent.com/8d73e358859458454ea6fa7b88e9b52bd26a96644ee11d9dfebeca8109f8257a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f726f62657274646176696467726168616d2f7264707363616e2e737667)](https://camo.githubusercontent.com/8d73e358859458454ea6fa7b88e9b52bd26a96644ee11d9dfebeca8109f8257a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f726f62657274646176696467726168616d2f7264707363616e2e737667) [![forks](https://camo.githubusercontent.com/8004202c6d64d0277473b3946cb4d8e903c2ee69f150b7e77de417930b1cef35/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f726f62657274646176696467726168616d2f7264707363616e2e737667)](https://camo.githubusercontent.com/8004202c6d64d0277473b3946cb4d8e903c2ee69f150b7e77de417930b1cef35/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f726f62657274646176696467726168616d2f7264707363616e2e737667)
  * <https://github.com/n1xbyte/CVE-2019-0708> : [![stars](https://camo.githubusercontent.com/7ac24b65af6aaa83db2ef20a9c16752aa638733ca175d213ead8a0b53acb77e4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e3178627974652f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/7ac24b65af6aaa83db2ef20a9c16752aa638733ca175d213ead8a0b53acb77e4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e3178627974652f4356452d323031392d303730382e737667) [![forks](https://camo.githubusercontent.com/4688ba12fa747b94f9fa0a867062da9d6abd6a1ee465603c2df128100da3a6bf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6e3178627974652f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/4688ba12fa747b94f9fa0a867062da9d6abd6a1ee465603c2df128100da3a6bf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6e3178627974652f4356452d323031392d303730382e737667)
  * <https://github.com/k8gege/CVE-2019-0708> : [![stars](https://camo.githubusercontent.com/c0dc92ce33a71e05a555c69031c0133e113a8d763ee49f24c06b8c2e01f9f9b6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6b38676567652f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/c0dc92ce33a71e05a555c69031c0133e113a8d763ee49f24c06b8c2e01f9f9b6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6b38676567652f4356452d323031392d303730382e737667) [![forks](https://camo.githubusercontent.com/265c67ed75097cc60f377984b0e2c76eaebbee7ff43330b8bcf7f19edd7fceb6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6b38676567652f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/265c67ed75097cc60f377984b0e2c76eaebbee7ff43330b8bcf7f19edd7fceb6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6b38676567652f4356452d323031392d303730382e737667)
  * <https://github.com/0xeb-bp/bluekeep> : [![stars](https://camo.githubusercontent.com/237d7e1c87274fe6335e0324087354a4f4ab1af4afa1ad82c9397ae00e771ca8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f307865622d62702f626c75656b6565702e737667)](https://camo.githubusercontent.com/237d7e1c87274fe6335e0324087354a4f4ab1af4afa1ad82c9397ae00e771ca8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f307865622d62702f626c75656b6565702e737667) [![forks](https://camo.githubusercontent.com/199b51c936088e945185fc2b4bad50002217bef53fb3f0b0b10e5ee0c2db41aa/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f307865622d62702f626c75656b6565702e737667)](https://camo.githubusercontent.com/199b51c936088e945185fc2b4bad50002217bef53fb3f0b0b10e5ee0c2db41aa/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f307865622d62702f626c75656b6565702e737667)
  * <https://github.com/nccgroup/BKScan> : [![stars](https://camo.githubusercontent.com/f30ee8f07a99bf2c20518a95e8dddae30833129d63c391f1589ce741a7b6433d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e636367726f75702f424b5363616e2e737667)](https://camo.githubusercontent.com/f30ee8f07a99bf2c20518a95e8dddae30833129d63c391f1589ce741a7b6433d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e636367726f75702f424b5363616e2e737667) [![forks](https://camo.githubusercontent.com/73270abf4158b0f1ac64ef1fe599510ac0a2af19f44219418fc95887dbe2df8f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6e636367726f75702f424b5363616e2e737667)](https://camo.githubusercontent.com/73270abf4158b0f1ac64ef1fe599510ac0a2af19f44219418fc95887dbe2df8f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6e636367726f75702f424b5363616e2e737667)
  * <https://github.com/Leoid/CVE-2019-0708> : [![stars](https://camo.githubusercontent.com/5ba3545595517b0be249cca88f7f7566e7a93b81c6055f71149df644e6f9ec12/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4c656f69642f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/5ba3545595517b0be249cca88f7f7566e7a93b81c6055f71149df644e6f9ec12/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4c656f69642f4356452d323031392d303730382e737667) [![forks](https://camo.githubusercontent.com/9e0ca57d54a2a9305debb27273d83a7027f7553678b1529603c8fcb35d12e70a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4c656f69642f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/9e0ca57d54a2a9305debb27273d83a7027f7553678b1529603c8fcb35d12e70a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4c656f69642f4356452d323031392d303730382e737667)
  * <https://github.com/worawit/CVE-2019-0708> : [![stars](https://camo.githubusercontent.com/57bbbb04dfcf1d85119db101af74a8d6507a64628aad9cc569f30fb7a8dca0bd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f776f72617769742f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/57bbbb04dfcf1d85119db101af74a8d6507a64628aad9cc569f30fb7a8dca0bd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f776f72617769742f4356452d323031392d303730382e737667) [![forks](https://camo.githubusercontent.com/740f1df86519ffee086ec894af85d4a4d36c72f5210280c36ead3f3128eba4e9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f776f72617769742f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/740f1df86519ffee086ec894af85d4a4d36c72f5210280c36ead3f3128eba4e9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f776f72617769742f4356452d323031392d303730382e737667)
  * <https://github.com/biggerwing/CVE-2019-0708-poc> : [![stars](https://camo.githubusercontent.com/9958125c1c635ed43ec76f4c80260e79339fd392c7c5f8dc354ab34c3f566e21/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f62696767657277696e672f4356452d323031392d303730382d706f632e737667)](https://camo.githubusercontent.com/9958125c1c635ed43ec76f4c80260e79339fd392c7c5f8dc354ab34c3f566e21/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f62696767657277696e672f4356452d323031392d303730382d706f632e737667) [![forks](https://camo.githubusercontent.com/0b6b6d5a3cf512695d0adf20d59e7c8d04784bfb100cf4806e8d393f53eca849/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f62696767657277696e672f4356452d323031392d303730382d706f632e737667)](https://camo.githubusercontent.com/0b6b6d5a3cf512695d0adf20d59e7c8d04784bfb100cf4806e8d393f53eca849/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f62696767657277696e672f4356452d323031392d303730382d706f632e737667)
  * <https://github.com/umarfarook882/CVE-2019-0708> : [![stars](https://camo.githubusercontent.com/cc871e41e8f2d9aee5942755b34026e72b239cbcd4d693d7da956913b3e64d2c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f756d61726661726f6f6b3838322f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/cc871e41e8f2d9aee5942755b34026e72b239cbcd4d693d7da956913b3e64d2c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f756d61726661726f6f6b3838322f4356452d323031392d303730382e737667) [![forks](https://camo.githubusercontent.com/5bb13da518bf1cb749fedccf7f001bde2686c2b10654b543e0149b789708c01b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f756d61726661726f6f6b3838322f4356452d323031392d303730382e737667)](https://camo.githubusercontent.com/5bb13da518bf1cb749fedccf7f001bde2686c2b10654b543e0149b789708c01b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f756d61726661726f6f6b3838322f4356452d323031392d303730382e737667)
  * <https://github.com/Jaky5155/cve-2019-0708-exp> : [![stars](https://camo.githubusercontent.com/1051e3d2bb5189b39a2c64c81220c7b1b07d4a1bc60d1866143fbc119577082b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4a616b79353135352f6376652d323031392d303730382d6578702e737667)](https://camo.githubusercontent.com/1051e3d2bb5189b39a2c64c81220c7b1b07d4a1bc60d1866143fbc119577082b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4a616b79353135352f6376652d323031392d303730382d6578702e737667) [![forks](https://camo.githubusercontent.com/775725d9850306a1ddc77093c86c1187a49adf0232c5b71770de81674d8b3285/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4a616b79353135352f6376652d323031392d303730382d6578702e737667)](https://camo.githubusercontent.com/775725d9850306a1ddc77093c86c1187a49adf0232c5b71770de81674d8b3285/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4a616b79353135352f6376652d323031392d303730382d6578702e737667)
* **Exp**
  * <https://www.rapid7.com/blog/post/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/>
  * <https://github.com/algo7/bluekeep_CVE-2019-0708_poc_to_exploit> : [![stars](https://camo.githubusercontent.com/0d507aae60b362c4c3995ae86b711b1fe1663c3f1f7cfc023441e7ac92435904/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f616c676f372f626c75656b6565705f4356452d323031392d303730385f706f635f746f5f6578706c6f69742e737667)](https://camo.githubusercontent.com/0d507aae60b362c4c3995ae86b711b1fe1663c3f1f7cfc023441e7ac92435904/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f616c676f372f626c75656b6565705f4356452d323031392d303730385f706f635f746f5f6578706c6f69742e737667) [![forks](https://camo.githubusercontent.com/a5e42cb1b4dd2d3c2288dc81218bbad6c01c7be24ace2ac5a5630e358fd1c5ff/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f616c676f372f626c75656b6565705f4356452d323031392d303730385f706f635f746f5f6578706c6f69742e737667)](https://camo.githubusercontent.com/a5e42cb1b4dd2d3c2288dc81218bbad6c01c7be24ace2ac5a5630e358fd1c5ff/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f616c676f372f626c75656b6565705f4356452d323031392d303730385f706f635f746f5f6578706c6f69742e737667)
  * <https://github.com/cbwang505/CVE-2019-0708-EXP-Windows> : [![stars](https://camo.githubusercontent.com/3e820fa945cfec6ea1d188b0f7b6cde3ac3746584fe299f35255964610a9bba1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f636277616e673530352f4356452d323031392d303730382d4558502d57696e646f77732e737667)](https://camo.githubusercontent.com/3e820fa945cfec6ea1d188b0f7b6cde3ac3746584fe299f35255964610a9bba1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f636277616e673530352f4356452d323031392d303730382d4558502d57696e646f77732e737667) [![forks](https://camo.githubusercontent.com/a491691a4ce6dba0f462e9a830470ca7365df9975ee29a9ae2c03ea5adb909c5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f636277616e673530352f4356452d323031392d303730382d4558502d57696e646f77732e737667)](https://camo.githubusercontent.com/a491691a4ce6dba0f462e9a830470ca7365df9975ee29a9ae2c03ea5adb909c5/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f636277616e673530352f4356452d323031392d303730382d4558502d57696e646f77732e737667)
  * <https://github.com/Cyb0r9/ispy> : [![stars](https://camo.githubusercontent.com/d6473b9e7c15c2d617fe23be733bb8f7b720d210c25a34371448eefd0cbafdb2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4379623072392f697370792e737667)](https://camo.githubusercontent.com/d6473b9e7c15c2d617fe23be733bb8f7b720d210c25a34371448eefd0cbafdb2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4379623072392f697370792e737667) [![forks](https://camo.githubusercontent.com/d343fdc9186d39fd582f5e98f31531435b6ae16de177ab11ed0fabf0da164eea/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4379623072392f697370792e737667)](https://camo.githubusercontent.com/d343fdc9186d39fd582f5e98f31531435b6ae16de177ab11ed0fabf0da164eea/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4379623072392f697370792e737667)
  * <https://github.com/NAXG/cve_2019_0708_bluekeep_rce> : [![stars](https://camo.githubusercontent.com/6a666b1bdbc73ed305190d0d1659ee4b6b3126ad0aee0e4d18de4bf423425360/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4e4158472f6376655f323031395f303730385f626c75656b6565705f7263652e737667)](https://camo.githubusercontent.com/6a666b1bdbc73ed305190d0d1659ee4b6b3126ad0aee0e4d18de4bf423425360/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4e4158472f6376655f323031395f303730385f626c75656b6565705f7263652e737667) [![forks](https://camo.githubusercontent.com/22eb1215bb9b97048ab4e033a360215836c26262790b54edf273cabf51a1d5bb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4e4158472f6376655f323031395f303730385f626c75656b6565705f7263652e737667)](https://camo.githubusercontent.com/22eb1215bb9b97048ab4e033a360215836c26262790b54edf273cabf51a1d5bb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4e4158472f6376655f323031395f303730385f626c75656b6565705f7263652e737667)
  * <https://github.com/dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-> : [![stars](https://camo.githubusercontent.com/8f3b788b798a29312f051d800179f1a188330d8f7d82b2e79e5ffa0f79651c19/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646f726b6572646576696c2f52656d6f74652d4465736b746f702d53657276696365732d52656d6f74652d436f64652d457865637574696f6e2d56756c6e65726162696c6974792d4356452d323031392d303730382d2e737667)](https://camo.githubusercontent.com/8f3b788b798a29312f051d800179f1a188330d8f7d82b2e79e5ffa0f79651c19/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646f726b6572646576696c2f52656d6f74652d4465736b746f702d53657276696365732d52656d6f74652d436f64652d457865637574696f6e2d56756c6e65726162696c6974792d4356452d323031392d303730382d2e737667) [![forks](https://camo.githubusercontent.com/19334ae5de6f52a004bcc21c5d06ace6e79cc67f4fff0f3d60226db69fe2b59b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f646f726b6572646576696c2f52656d6f74652d4465736b746f702d53657276696365732d52656d6f74652d436f64652d457865637574696f6e2d56756c6e65726162696c6974792d4356452d323031392d303730382d2e737667)](https://camo.githubusercontent.com/19334ae5de6f52a004bcc21c5d06ace6e79cc67f4fff0f3d60226db69fe2b59b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f646f726b6572646576696c2f52656d6f74652d4465736b746f702d53657276696365732d52656d6f74652d436f64652d457865637574696f6e2d56756c6e65726162696c6974792d4356452d323031392d303730382d2e737667)
  * <https://github.com/TinToSer/bluekeep-exploit> : [![stars](https://camo.githubusercontent.com/9c1b166e35427e7fb518f4b30d682adce2843bd24ac31cd1bb5de13b33b280a7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f54696e546f5365722f626c75656b6565702d6578706c6f69742e737667)](https://camo.githubusercontent.com/9c1b166e35427e7fb518f4b30d682adce2843bd24ac31cd1bb5de13b33b280a7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f54696e546f5365722f626c75656b6565702d6578706c6f69742e737667) [![forks](https://camo.githubusercontent.com/b7fa2b2cc3adc9a83a3c9c58b25029b2c00275f1356e18bc49d5c38188613d59/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f54696e546f5365722f626c75656b6565702d6578706c6f69742e737667)](https://camo.githubusercontent.com/b7fa2b2cc3adc9a83a3c9c58b25029b2c00275f1356e18bc49d5c38188613d59/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f54696e546f5365722f626c75656b6565702d6578706c6f69742e737667)
  * <https://github.com/coolboy4me/cve-2019-0708_bluekeep_rce> : [![stars](https://camo.githubusercontent.com/f0ff3909ee1f9fac5db3d6e8c51c9a07798a4eecd8b5831ff1fddb61db4e14dd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f636f6f6c626f79346d652f6376652d323031392d303730385f626c75656b6565705f7263652e737667)](https://camo.githubusercontent.com/f0ff3909ee1f9fac5db3d6e8c51c9a07798a4eecd8b5831ff1fddb61db4e14dd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f636f6f6c626f79346d652f6376652d323031392d303730385f626c75656b6565705f7263652e737667) [![forks](https://camo.githubusercontent.com/be50ca567f508836a6723270580c6ab7b7988dd12273a81df3f80aef135b02a6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f636f6f6c626f79346d652f6376652d323031392d303730385f626c75656b6565705f7263652e737667)](https://camo.githubusercontent.com/be50ca567f508836a6723270580c6ab7b7988dd12273a81df3f80aef135b02a6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f636f6f6c626f79346d652f6376652d323031392d303730385f626c75656b6565705f7263652e737667)
  * <https://github.com/mai-lang-chai/CVE-2019-0708-RCE> : [![stars](https://camo.githubusercontent.com/4f6d86a8611e6b56c5c12fcde6d0a79b7614a2ceebf4cb819ff48298d90cb843/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d61692d6c616e672d636861692f4356452d323031392d303730382d5243452e737667)](https://camo.githubusercontent.com/4f6d86a8611e6b56c5c12fcde6d0a79b7614a2ceebf4cb819ff48298d90cb843/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6d61692d6c616e672d636861692f4356452d323031392d303730382d5243452e737667) [![forks](https://camo.githubusercontent.com/fa1e838eed486853220bcedad80fd3b9f976a6d612661cd58fc7d5ae38c0b804/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6d61692d6c616e672d636861692f4356452d323031392d303730382d5243452e737667)](https://camo.githubusercontent.com/fa1e838eed486853220bcedad80fd3b9f976a6d612661cd58fc7d5ae38c0b804/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6d61692d6c616e672d636861692f4356452d323031392d303730382d5243452e737667)
  * <https://github.com/rockmelodies/CVE-2019-0708-Exploit> : [![stars](https://camo.githubusercontent.com/336df9d6aae3d50c6ae5f872e55debbdd464cf2727c2b4b5d47353b6257efe5c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f726f636b6d656c6f646965732f4356452d323031392d303730382d4578706c6f69742e737667)](https://camo.githubusercontent.com/336df9d6aae3d50c6ae5f872e55debbdd464cf2727c2b4b5d47353b6257efe5c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f726f636b6d656c6f646965732f4356452d323031392d303730382d4578706c6f69742e737667) [![forks](https://camo.githubusercontent.com/d72896bf1a553d988f856d461fcaaaf383b659900f407cb0cc88f208f07cbc46/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f726f636b6d656c6f646965732f4356452d323031392d303730382d4578706c6f69742e737667)](https://camo.githubusercontent.com/d72896bf1a553d988f856d461fcaaaf383b659900f407cb0cc88f208f07cbc46/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f726f636b6d656c6f646965732f4356452d323031392d303730382d4578706c6f69742e737667)
  * and more on GitHub...

### CVE-2019-0623

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

* **Analyse**
  * <https://paper.seebug.org/832/>
* **Exp**
  * <https://github.com/DreamoneOnly/CVE-2019-0623-32-exp> : [![stars](https://camo.githubusercontent.com/ce59b7c7e1b1c89d1c18cc490b5ea6f96a4bb755a0d1cb81a29e1e79e7553633/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f447265616d6f6e654f6e6c792f4356452d323031392d303632332d33322d6578702e737667)](https://camo.githubusercontent.com/ce59b7c7e1b1c89d1c18cc490b5ea6f96a4bb755a0d1cb81a29e1e79e7553633/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f447265616d6f6e654f6e6c792f4356452d323031392d303632332d33322d6578702e737667) [![forks](https://camo.githubusercontent.com/f3bd85332a9785daa3c230d94ae03ecb513a54bc9de2237860b7d0e78e419444/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f447265616d6f6e654f6e6c792f4356452d323031392d303632332d33322d6578702e737667)](https://camo.githubusercontent.com/f3bd85332a9785daa3c230d94ae03ecb513a54bc9de2237860b7d0e78e419444/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f447265616d6f6e654f6e6c792f4356452d323031392d303632332d33322d6578702e737667)

## 2018

### CVE-2018-8639

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.

* **Analyse**
  * <https://www.anquanke.com/post/id/183358>
  * <https://bbs.pediy.com/thread-251400.htm>
  * <https://bbs.pediy.com/thread-254305.htm>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2018-8639> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)
  * <https://github.com/ze0r/CVE-2018-8639-exp> : [![stars](https://camo.githubusercontent.com/349eeb11fdc27be3df2560c1a3dcbab6127d0383553ecb7bbb4f4b3d672facac/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a6530722f4356452d323031382d383633392d6578702e737667)](https://camo.githubusercontent.com/349eeb11fdc27be3df2560c1a3dcbab6127d0383553ecb7bbb4f4b3d672facac/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a6530722f4356452d323031382d383633392d6578702e737667) [![forks](https://camo.githubusercontent.com/0ab9cc2590b1950af6204c2efe819fd924e6ff34b3feca84b902e633dee20f1f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7a6530722f4356452d323031382d383633392d6578702e737667)](https://camo.githubusercontent.com/0ab9cc2590b1950af6204c2efe819fd924e6ff34b3feca84b902e633dee20f1f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7a6530722f4356452d323031382d383633392d6578702e737667)
  * <https://github.com/timwhitez/CVE-2018-8639-EXP> : [![stars](https://camo.githubusercontent.com/7d1ccc28e84574e08b6f0feca6ee81c1899823ad8bf152d254eb526e5e47dcf8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f74696d77686974657a2f4356452d323031382d383633392d4558502e737667)](https://camo.githubusercontent.com/7d1ccc28e84574e08b6f0feca6ee81c1899823ad8bf152d254eb526e5e47dcf8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f74696d77686974657a2f4356452d323031382d383633392d4558502e737667) [![forks](https://camo.githubusercontent.com/524d27230dd4a1f902ef27f00acdf95ff2d890f67898f5f2a7e7ce9a6ce0ef2f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f74696d77686974657a2f4356452d323031382d383633392d4558502e737667)](https://camo.githubusercontent.com/524d27230dd4a1f902ef27f00acdf95ff2d890f67898f5f2a7e7ce9a6ce0ef2f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f74696d77686974657a2f4356452d323031382d383633392d4558502e737667)

### CVE-2018-8453

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

* **Analyse**
  * <https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453>
  * <https://www.anquanke.com/post/id/162894>
  * <https://paper.seebug.org/784/>
  * <https://paper.seebug.org/798/>
  * <https://bbs.pediy.com/thread-249021.htm>
  * <https://www.jianshu.com/p/082bd9992b57>
  * <https://www.whsgwl.net/blog/CVE-2018-8453_0.html>
  * <https://www.whsgwl.net/blog/CVE-2018-8453_1.html>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2018-8453> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)
  * <https://github.com/ze0r/cve-2018-8453-exp> : [![stars](https://camo.githubusercontent.com/3b91bb2d691ce9137725feebad95df273a5c66ba1f3470e37a473785e6acf62c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a6530722f6376652d323031382d383435332d6578702e737667)](https://camo.githubusercontent.com/3b91bb2d691ce9137725feebad95df273a5c66ba1f3470e37a473785e6acf62c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f7a6530722f6376652d323031382d383435332d6578702e737667) [![forks](https://camo.githubusercontent.com/ada3a02cebbddfaeca0fc003082ca94909adff216f990eab3d123418b23e1be6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7a6530722f6376652d323031382d383435332d6578702e737667)](https://camo.githubusercontent.com/ada3a02cebbddfaeca0fc003082ca94909adff216f990eab3d123418b23e1be6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f7a6530722f6376652d323031382d383435332d6578702e737667)
  * <https://github.com/Mkv4/cve-2018-8453-exp> : [![stars](https://camo.githubusercontent.com/501047de90bc925a493cc2971df4c495237d488368cd7accb08cf2f53838b9d1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4d6b76342f6376652d323031382d383435332d6578702e737667)](https://camo.githubusercontent.com/501047de90bc925a493cc2971df4c495237d488368cd7accb08cf2f53838b9d1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4d6b76342f6376652d323031382d383435332d6578702e737667) [![forks](https://camo.githubusercontent.com/03e71de5dcf3a06f5fabdc29477d1c200e3ca67adf2c8aead8d873cc9cf4743b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4d6b76342f6376652d323031382d383435332d6578702e737667)](https://camo.githubusercontent.com/03e71de5dcf3a06f5fabdc29477d1c200e3ca67adf2c8aead8d873cc9cf4743b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4d6b76342f6376652d323031382d383435332d6578702e737667)

### CVE-2018-8440

> An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

* **Analyse**
  * <https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html>
  * <https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html>
  * <https://www.anquanke.com/post/id/169382>
* **Exp**
  * <https://github.com/sourceincite/CVE-2018-8440>

### CVE-2018-8414

> A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

* **Analyse**
  * <https://www.anquanke.com/post/id/157782>
  * <https://www.cnblogs.com/backlion/p/9642241.html>
* **Exp**
  * <https://github.com/whereisr0da/CVE-2018-8414-POC>

### CVE-2018-8120

> An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.

* **Analyse**
  * github <https://github.com/EVOL4/CVE-2018-8120/blob/master/CVE-2018-8120.md>
  * <https://b2ahex.github.io/blog/2018/05/15/8120%E5%88%86%E6%9E%90/index.html>
  * <https://paper.seebug.org/614/>
  * <https://xz.aliyun.com/t/8667>
  * <http://xz.aliyun.com/t/5966>
* **PoC**
  * <https://github.com/areuu/CVE-2018-8120>
  * <https://github.com/StartZYP/CVE-2018-8120>
* **Exp**
  * <https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2018-8120>
  * <https://github.com/unamer/CVE-2018-8120>
  * <https://github.com/alpha1ab/CVE-2018-8120>
  * <https://github.com/bigric3/cve-2018-8120>
  * <https://github.com/ne1llee/cve-2018-8120>
  * <https://github.com/ozkanbilge/CVE-2018-8120>
  * <https://github.com/EVOL4/CVE-2018-8120>
  * <https://github.com/qiantu88/CVE-2018-8120>
  * <https://github.com/Y0n0Y/cve-2018-8120-exp>
  * <https://github.com/DreamoneOnly/CVE-2018-8120>
  * <https://github.com/wikiZ/cve-2018-8120>

### CVE-2018-7249

> An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.

* **Exp**
  * <https://github.com/Elvin9/NotSecDrv>

### CVE-2018-1038

> The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://blog.xpnsec.com/total-meltdown-cve-2018-1038/>
  * <https://www.anquanke.com/post/id/106156>
  * <https://de4dcr0w.github.io/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/CVE-2018-1038-TotalMeltdown%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E7%9A%84%E4%B8%80%E7%82%B9%E8%AE%B0%E5%BD%95.html>
* **Exp**
  * <https://gist.github.com/xpn/3792ec34d712425a5c47caf5677de5fe>
  * <https://www.exploit-db.com/exploits/44581>

### CVE-2018-0886

> The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

* **Analyse**
  * <https://www.anquanke.com/post/id/101158>
* **Exp**
  * <https://github.com/preempt/credssp>

### CVE-2018-0824

> A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

* **Analyse**
  * <https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html>
  * <https://www.anquanke.com/post/id/148749>
* **Exp**
  * <https://www.exploit-db.com/exploits/44906>
  * <https://github.com/codewhitesec/UnmarshalPwn>

## 2017

### CVE-2017-11783

> Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability".

* **Exp**
  * <https://github.com/Sheisback/CVE-2017-11783>

### CVE-2017-8543

> Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

* **Analyse**
  * <https://paper.seebug.org/355/>

### CVE-2017-8465

> Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468.

* **Exp**
  * <https://github.com/nghiadt1098/CVE-2017-8465>

### CVE-2017-8464

> Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut, aka "LNK Remote Code Execution Vulnerability."

* **Analyse**
  * <https://my.oschina.net/u/4310658/blog/3695267>
  * <https://www.anquanke.com/post/id/202705>
  * <https://wohin.me/0dayan-quan-external-stuxnet-cve-2017-8464/>
  * <https://blog.csdn.net/baidu_41647119/article/details/103875396>
  * <http://www.vxjump.net/files/vuln_analysis/cve-2017-8464.txt>
* **PoC**
  * <https://github.com/Elm0D/CVE-2017-8464>
* **Exp**
  * <https://www.exploit-db.com/exploits/42382/>
  * <https://www.exploit-db.com/exploits/42429/>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2017-8464>
  * <https://github.com/3gstudent/CVE-2017-8464-EXP>
  * <https://github.com/Securitykid/CVE-2017-8464-exp-generator>
  * <https://github.com/xssfile/CVE-2017-8464-EXP>
  * <https://github.com/X-Vector/usbhijacking>

### CVE-2017-7269

> Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with `If: <http://` in a PROPFIND request, as exploited in the wild in July or August 2016.

* **Analyse**
  * <https://paper.seebug.org/259/>
* **PoC**
  * <https://github.com/lcatro/CVE-2017-7269-Echo-PoC>
* **Exp**
  * <https://github.com/zcgonvh/cve-2017-7269>
  * <https://github.com/zcgonvh/cve-2017-7269-tool>
  * <https://github.com/g0rx/iis6-exploit-2017-CVE-2017-7269>
  * <https://github.com/eliuha/webdav_exploit>
  * <https://github.com/Al1ex/CVE-2017-7269>
  * <https://github.com/slimpagey/IIS_6.0_WebDAV_Ruby>
  * <https://github.com/caicai1355/CVE-2017-7269-exploit>

### CVE-2017-0290

> The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."

* **Analyse**
  * <https://0patch.blogspot.jp/2017/05/0patching-worst-windows-remote-code.html>
  * <https://www.anquanke.com/post/id/86136>
  * <https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/>
* **Exp**
  * <https://www.exploit-db.com/exploits/41975/>
  * <https://github.com/homjxi0e/CVE-2017-0290->

### CVE-2017-0263

> The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://www.anquanke.com/post/id/102377>
  * <https://www.anquanke.com/post/id/102378>
  * <https://xz.aliyun.com/t/9287>
  * <https://50u1w4y.github.io/site/recurrence/CVE-2017-0263/>
* **PoC**
  * <https://www.exploit-db.com/exploits/44478>

### CVE-2017-0213

> Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.

* **Analyse**
  * <https://cloud.tencent.com/developer/article/1045805>
* **Exp**
  * <https://www.exploit-db.com/exploits/42020/>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2017-0213>
  * <https://github.com/zcgonvh/CVE-2017-0213>
  * <https://github.com/eonrickity/CVE-2017-0213>
  * <https://github.com/jbooz1/CVE-2017-0213>
  * <https://github.com/Jos675/CVE-2017-0213-Exploit>
  * <https://github.com/shaheemirza/CVE-2017-0213->

### CVE-2017-0143 (MS17-010)

> The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

* **Analyse**
  * <https://www.anquanke.com/post/id/86270>
  * github <https://github.com/worawit/MS17-010/blob/master/BUG.txt>
  * <https://yi0934.github.io/2019/04/08/CVE%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ms17-010/>
  * <https://cy2cs.top/2020/08/22/%E3%80%90owva%E3%80%91%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/>
  * <https://paper.seebug.org/280/>
* **PoC**
  * <https://github.com/peterpt/eternal_scanner>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS17-010>
  * <https://github.com/worawit/MS17-010>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2017-0143>
  * <https://github.com/3ndG4me/AutoBlue-MS17-010>
  * <https://github.com/bhassani/EternalBlueC>
  * <https://github.com/mez-0/MS17-010-Python>
  * <https://github.com/hanshaze/MS17-010-EternalBlue-WinXP-Win10>
  * <https://github.com/povlteksttv/Eternalblue>
  * <https://github.com/pythonone/MS17-010>
  * <https://github.com/d4t4s3c/SMBploit>
  * many more on GitHub...

### CVE-2017-0101 (MS17-017)

> The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://paper.seebug.org/586/>
  * <https://bbs.pediy.com/thread-256949.htm>
* **Exp**
  * <https://www.exploit-db.com/exploits/44479/>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2017-0101>
  * <https://github.com/kuteminh11/MS17-017-Microsoft-Windows-7-SP1-x86-Privilege-Escalation-Vulnerability>

### CVE-2017-0100 (MS17-012)

> A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://ha.cker.in/index.php/Article/22608>
* **Exp**
  * <https://github.com/Cn33liz/MS17-012> : ![stars](https://img.shields.io/github/stars/Cn33liz/MS17-012.svg) ![forks](https://img.shields.io/github/forks/Cn33liz/MS17-012.svg)
  * <https://github.com/cssxn/CVE-2017-0100> : ![stars](https://img.shields.io/github/stars/cssxn/CVE-2017-0100.svg) ![forks](https://img.shields.io/github/forks/cssxn/CVE-2017-0100.svg)

### CVE-2017-0005 (MS17-013)

> The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.

* **Analyse**
  * <https://www.anquanke.com/post/id/86669>
  * <https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/?source=mmpc>
* **PoC**
  * <https://github.com/sheri31/0005poc> : ![stars](https://img.shields.io/github/stars/sheri31/0005poc.svg) ![forks](https://img.shields.io/github/forks/sheri31/0005poc.svg)

## 2016

### CVE-2016-7255 (MS16-135)

> The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://www.anquanke.com/post/id/85232>
* **PoC**
  * <https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/Sample-Exploits/MS16-135> : ![stars](https://img.shields.io/github/stars/FuzzySecurity/PSKernel-Primitives.svg) ![forks](https://img.shields.io/github/forks/FuzzySecurity/PSKernel-Primitives.svg)
  * <https://github.com/tinysec/public/tree/master/CVE-2016-7255> : ![stars](https://img.shields.io/github/stars/tinysec/public.svg) ![forks](https://img.shields.io/github/forks/tinysec/public.svg)
  * <https://github.com/FSecureLABS/CVE-2016-7255> : ![stars](https://img.shields.io/github/stars/FSecureLABS/CVE-2016-7255.svg) ![forks](https://img.shields.io/github/forks/FSecureLABS/CVE-2016-7255.svg)
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-135> : ![stars](https://img.shields.io/github/stars/SecWiki/windows-kernel-exploits.svg) ![forks](https://img.shields.io/github/forks/SecWiki/windows-kernel-exploits.svg)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-7255> : ![stars](https://img.shields.io/github/stars/Ascotbe/Kernelhub.svg) ![forks](https://img.shields.io/github/forks/Ascotbe/Kernelhub.svg)
  * <https://github.com/heh3/CVE-2016-7255> : ![stars](https://img.shields.io/github/stars/heh3/CVE-2016-7255.svg) ![forks](https://img.shields.io/github/forks/heh3/CVE-2016-7255.svg)
  * <https://github.com/yuvatia/page-table-exploitation> : ![stars](https://img.shields.io/github/stars/yuvatia/page-table-exploitation.svg) ![forks](https://img.shields.io/github/forks/yuvatia/page-table-exploitation.svg)
  * <https://github.com/bbolmin/cve-2016-7255_x86_x64> : ![stars](https://img.shields.io/github/stars/bbolmin/cve-2016-7255_x86_x64.svg) ![forks](https://img.shields.io/github/forks/bbolmin/cve-2016-7255_x86_x64.svg)
  * <https://github.com/homjxi0e/CVE-2016-7255> : ![stars](https://img.shields.io/github/stars/homjxi0e/CVE-2016-7255.svg) ![forks](https://img.shields.io/github/forks/homjxi0e/CVE-2016-7255.svg)

### CVE-2016-3371 (MS16-111)

> The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

* **Exp**
  * <https://www.exploit-db.com/exploits/40429/>
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-111> : ![stars](https://img.shields.io/github/stars/SecWiki/windows-kernel-exploits.svg) ![forks](https://img.shields.io/github/forks/SecWiki/windows-kernel-exploits.svg)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-3371> : ![stars](https://img.shields.io/github/stars/Ascotbe/Kernelhub.svg) ![forks](https://img.shields.io/github/forks/Ascotbe/Kernelhub.svg)

### CVE-2016-3308/3309 (MS16-098)

> The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3309, CVE-2016-3310, and CVE-2016-3311.

* **Analyse**
  * <https://paper.seebug.org/37/>
  * <https://xz.aliyun.com/t/4543>
  * github <https://github.com/55-AA/CVE-2016-3308/blob/master/CVE-2016-3308.md>
  * <https://xz.aliyun.com/t/2919>
  * <https://paper.seebug.org/320/>
  * <https://security.tencent.com/index.php/blog/msg/117>
  * <https://www.anquanke.com/post/id/85302>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-098> : ![stars](https://img.shields.io/github/stars/SecWiki/windows-kernel-exploits.svg) ![forks](https://img.shields.io/github/forks/SecWiki/windows-kernel-exploits.svg)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-3309> : ![stars](https://img.shields.io/github/stars/Ascotbe/Kernelhub.svg) ![forks](https://img.shields.io/github/forks/Ascotbe/Kernelhub.svg)
  * <https://github.com/sensepost/gdi-palettes-exp> : ![stars](https://img.shields.io/github/stars/sensepost/gdi-palettes-exp.svg) ![forks](https://img.shields.io/github/forks/sensepost/gdi-palettes-exp.svg)
  * <https://github.com/55-AA/CVE-2016-3308> : ![stars](https://img.shields.io/github/stars/55-AA/CVE-2016-3308.svg) ![forks](https://img.shields.io/github/forks/55-AA/CVE-2016-3308.svg)
  * <https://github.com/siberas/CVE-2016-3309_Reloaded> : ![stars](https://img.shields.io/github/stars/siberas/CVE-2016-3309_Reloaded.svg) ![forks](https://img.shields.io/github/forks/siberas/CVE-2016-3309_Reloaded.svg)

### CVE-2016-3225 (MS16-075)

> The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."

* **Exp**
  * <https://www.exploit-db.com/exploits/45562/>
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-075> : ![stars](https://img.shields.io/github/stars/SecWiki/windows-kernel-exploits.svg) ![forks](https://img.shields.io/github/forks/SecWiki/windows-kernel-exploits.svg)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-3225> : ![stars](https://img.shields.io/github/stars/Ascotbe/Kernelhub.svg) ![forks](https://img.shields.io/github/forks/Ascotbe/Kernelhub.svg)
  * <https://www.secpulse.com/archives/72798.html>

### CVE-2016-0099 (MS16-032)

> The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-032> : ![stars](https://img.shields.io/github/stars/SecWiki/windows-kernel-exploits.svg) ![forks](https://img.shields.io/github/forks/SecWiki/windows-kernel-exploits.svg)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-0099> : ![stars](https://img.shields.io/github/stars/Ascotbe/Kernelhub.svg) ![forks](https://img.shields.io/github/forks/Ascotbe/Kernelhub.svg)
  * <https://github.com/zcgonvh/MS16-032> : ![stars](https://img.shields.io/github/stars/zcgonvh/MS16-032.svg) ![forks](https://img.shields.io/github/forks/zcgonvh/MS16-032.svg)
  * <https://github.com/Meatballs1/ms16-032> : ![stars](https://img.shields.io/github/stars/Meatballs1/ms16-032.svg) ![forks](https://img.shields.io/github/forks/Meatballs1/ms16-032.svg)
  * <https://github.com/Sh3lldor/Get_System> : ![stars](https://img.shields.io/github/stars/Sh3lldor/Get_System.svg) ![forks](https://img.shields.io/github/forks/Sh3lldor/Get_System.svg)

### CVE-2016-0095 (MS16-034)

> The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096.

* **Analyse**
  * <https://xz.aliyun.com/t/6008>
  * <http://weaponx.site/2017/08/11/CVE-2016-0095%E4%BB%8EPoC%E5%88%B0Exploit/>
  * <https://whereisk0shl.top/ssctf_pwn450_windows_kernel_exploitation_writeup.html>
  * github <https://github.com/k0keoyo/SSCTF-pwn450-ms16-034-writeup>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-034> : ![stars](https://img.shields.io/github/stars/SecWiki/windows-kernel-exploits.svg) ![forks](https://img.shields.io/github/forks/SecWiki/windows-kernel-exploits.svg)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-0095> : ![stars](https://img.shields.io/github/stars/Ascotbe/Kernelhub.svg) ![forks](https://img.shields.io/github/forks/Ascotbe/Kernelhub.svg)
  * <https://github.com/fengjixuchui/cve-2016-0095-x64> : ![stars](https://img.shields.io/github/stars/fengjixuchui/cve-2016-0095-x64.svg) ![forks](https://img.shields.io/github/forks/fengjixuchui/cve-2016-0095-x64.svg)

### CVE-2016-0051 (MS16-016)

> The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."

* **Exp**
  * <https://www.exploit-db.com/exploits/39788/>
  * <https://www.exploit-db.com/exploits/39432/>
  * <https://www.exploit-db.com/exploits/40085/>
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-016>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-0051>
  * <https://github.com/koczkatamas/CVE-2016-0051>
  * <https://github.com/hexx0r/CVE-2016-0051>

### CVE-2016-0041 (MS16-014)

> Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-014>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2016-0041>

## 2015

### CVE-2015-2546 (MS15-097)

> The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.

* **Analyse**
  * <http://drops.xmd5.com/static/drops/papers-9276.html>
  * <https://bbs.pediy.com/thread-263673.htm>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-097>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-2546>
  * <https://github.com/k0keoyo/CVE-2015-2546-Exploit>

### CVE-2015-2387 (MS15-077)

> ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

* **Exp**
  * <https://www.exploit-db.com/exploits/37098/>
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-077>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-2387>

### CVE-2015-2370 (MS15-076)

> The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."

* **Analyse**
  * <http://bobao.360.cn/learning/detail/584.html>
  * <https://blog.csdn.net/oShuangYue12/article/details/84677607>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-076>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-2370>
  * <https://github.com/monoxgas/Trebuchet>

### CVE-2015-1726 (MS15-061)

> Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."

* **Analyse**
  * <https://github.com/LibreCrops/translation-zh_CN/blob/master/source/ms-15-061.rst>
  * <https://translation-zh-cn.readthedocs.io/zh_CN/latest/ms-15-061.html>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-061>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-1725>
  * <https://github.com/Rootkitsmm-zz/MS15-061>

### CVE-2015-1701 (MS15-051)

> Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-051>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-1701>
  * <https://github.com/hfiref0x/CVE-2015-1701>

### CVE-2015-0062 (MS15-015)

> Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-015>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-0062>

### CVE-2015-0057 (MS15-010)

> win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://xz.aliyun.com/t/4549>
  * <https://paper.seebug.org/1439/>
  * <https://www.anquanke.com/post/id/163973>
  * <https://blog.csdn.net/qq_35713009/article/details/102921859>
* **PoC**
  * <https://www.exploit-db.com/exploits/39035>
* **Exp**
  * <https://www.exploit-db.com/exploits/37098>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-0057>
  * <https://github.com/55-AA/CVE-2015-0057>

### CVE-2015-0003 (MS15-010)

> win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://www.shuzhiduo.com/A/Vx5M1WrL5N/>
  * <https://www.cnblogs.com/flycat-2016/p/5452929.html>
  * <https://www.fireeye.com/blog/threat-research/2015/07/dyre_banking_trojan.html>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-010>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-0003>

### CVE-2015-0002 (MS15-001)

> The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://googleprojectzero.blogspot.com/2015/02/a-tokens-tale_9.html>
  * <http://www.vuln.cn/6702>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS15-001> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2015-0002> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)

## 2014

### CVE-2014-6324 (MS14-068)

> The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."

* **Analyse**
  * <https://naykcin.top/2020/01/12/ms14068/>
  * <https://www.cnblogs.com/feizianquan/p/11760564.html>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-068> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/ianxtianxt/MS14-068> : [![stars](https://camo.githubusercontent.com/49e9a04aa3851fc04cc1ee51b87afe65df7347f765c048fbc46b51925f48bf7a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f69616e787469616e78742f4d5331342d3036382e737667)](https://camo.githubusercontent.com/49e9a04aa3851fc04cc1ee51b87afe65df7347f765c048fbc46b51925f48bf7a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f69616e787469616e78742f4d5331342d3036382e737667) [![forks](https://camo.githubusercontent.com/2c6fdc9f2a6a17231c560afad4fe893e3bbc545f2180c7881ef8c2ded4baa440/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f69616e787469616e78742f4d5331342d3036382e737667)](https://camo.githubusercontent.com/2c6fdc9f2a6a17231c560afad4fe893e3bbc545f2180c7881ef8c2ded4baa440/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f69616e787469616e78742f4d5331342d3036382e737667)
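
The "forged signature" in the NVD text is the PAC signature: the KDC recomputed whichever checksum type the PAC named, including unkeyed types such as RSA-MD5 (type 7), so a PAC claiming extra group membership could be "signed" without the krbtgt key. The toy below is an added example, not code from this page or from the exploits linked above; it models that check beside the patched behaviour. Everything in it is constructed: the PAC is a plain `user|rids` string rather than the real KERB_VALIDATION_INFO / PAC_SIGNATURE_DATA encoding, the keyed checksum is bare HMAC-MD5 rather than the full RC4-HMAC signature derivation, and `KRBTGT_KEY` is a placeholder.

```python
"""Toy model of the PAC-signature check behind CVE-2014-6324 (MS14-068).

Added illustration; the PAC layout, key and RID handling are simplified
stand-ins, not the on-the-wire Kerberos structures.
"""
from __future__ import annotations

import hashlib
import hmac

# Kerberos checksum type numbers (RFC 3961 / RFC 4757). Only HMAC-MD5 is keyed.
KERB_CHECKSUM_HMAC_MD5 = -138   # keyed with the krbtgt key: only the KDC can produce it
KERB_CHECKSUM_RSA_MD5 = 7       # unkeyed: anyone can compute it over any data

DOMAIN_ADMINS_RID = 512
DOMAIN_USERS_RID = 513

# Constructed key; the attacker in the scenario below never learns it.
KRBTGT_KEY = b"constructed-krbtgt-key-not-real"


def kerb_checksum(cksumtype: int, key: bytes, data: bytes) -> bytes:
    """Compute a checksum of the requested type; unkeyed types ignore `key`."""
    if cksumtype == KERB_CHECKSUM_HMAC_MD5:
        return hmac.new(key, data, hashlib.md5).digest()
    if cksumtype == KERB_CHECKSUM_RSA_MD5:
        return hashlib.md5(data).digest()
    raise ValueError(f"unsupported checksum type {cksumtype}")


def build_pac(user: str, group_rids: list[int]) -> bytes:
    """Constructed stand-in for the PAC logon info: user name plus group RIDs."""
    return f"{user}|{','.join(str(r) for r in group_rids)}".encode()


def pac_groups(pac: bytes) -> list[int]:
    """Read the group RIDs back out of the constructed PAC blob."""
    return [int(r) for r in pac.decode().split("|", 1)[1].split(",") if r]


def sign_pac(pac: bytes, cksumtype: int, key: bytes = b"") -> tuple[int, bytes]:
    """Return (checksum type, signature) as a KDC, or a forger, would attach."""
    return cksumtype, kerb_checksum(cksumtype, key, pac)


def kdc_verify_vulnerable(pac: bytes, cksumtype: int, sig: bytes, krbtgt_key: bytes) -> bool:
    """Pre-MS14-068 logic: recompute whatever checksum type the PAC names."""
    return hmac.compare_digest(kerb_checksum(cksumtype, krbtgt_key, pac), sig)


def kdc_verify_fixed(pac: bytes, cksumtype: int, sig: bytes, krbtgt_key: bytes) -> bool:
    """Post-MS14-068 logic: the KDC signature must use a keyed checksum type."""
    if cksumtype != KERB_CHECKSUM_HMAC_MD5:
        return False
    return hmac.compare_digest(kerb_checksum(cksumtype, krbtgt_key, pac), sig)


def legitimate_pac() -> tuple[bytes, int, bytes]:
    """What the KDC itself issues for plain domain user 'alice'."""
    pac = build_pac("alice", [DOMAIN_USERS_RID])
    cksumtype, sig = sign_pac(pac, KERB_CHECKSUM_HMAC_MD5, KRBTGT_KEY)
    return pac, cksumtype, sig


def forged_pac() -> tuple[bytes, int, bytes]:
    """Alice adds Domain Admins and 'signs' with an unkeyed MD5 (no key needed)."""
    pac = build_pac("alice", [DOMAIN_USERS_RID, DOMAIN_ADMINS_RID])
    cksumtype, sig = sign_pac(pac, KERB_CHECKSUM_RSA_MD5)
    return pac, cksumtype, sig


if __name__ == "__main__":
    for name, (pac, ct, sig) in (("legit", legitimate_pac()), ("forged", forged_pac())):
        print(f"{name:6} groups={pac_groups(pac)} "
              f"vulnerable_kdc={kdc_verify_vulnerable(pac, ct, sig, KRBTGT_KEY)} "
              f"patched_kdc={kdc_verify_fixed(pac, ct, sig, KRBTGT_KEY)}")
```

The vulnerable verifier accepts both PACs because it lets the client pick the checksum algorithm; the patched one rejects the forged PAC purely on the checksum type, before any comparison, which is the property to look for when reviewing any signature check: the verifier, not the message, must decide which algorithms are acceptable.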

### CVE-2014-6321 (MS14-066)

> Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."

* **Analyse**
  * <http://bobao.360.cn/learning/detail/114.html>
  * <https://wooyun.js.org/drops/CVE-2014-6321%20schannel%E5%A0%86%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.html>
  * <https://www.freebuf.com/vuls/52110.html>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-066> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/anexia-it/winshock-test> : [![stars](https://camo.githubusercontent.com/82691f05168888c39be387c06ab48aded8fed81083ab0de7f95826e64bd6b352/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f616e657869612d69742f77696e73686f636b2d746573742e737667)](https://camo.githubusercontent.com/82691f05168888c39be387c06ab48aded8fed81083ab0de7f95826e64bd6b352/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f616e657869612d69742f77696e73686f636b2d746573742e737667) [![forks](https://camo.githubusercontent.com/2bd93791f9603cfeed6754290abf4c5cb96c3e9271ca95c3713a2615c2dd6583/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f616e657869612d69742f77696e73686f636b2d746573742e737667)](https://camo.githubusercontent.com/2bd93791f9603cfeed6754290abf4c5cb96c3e9271ca95c3713a2615c2dd6583/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f616e657869612d69742f77696e73686f636b2d746573742e737667)

### CVE-2014-4113 (MS14-058)

> win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://xz.aliyun.com/t/4456>
  * <https://b2ahex.github.io/blog/2017/06/13/4113%E5%88%86%E6%9E%90/index.html>
  * <https://www.anquanke.com/post/id/84477>
  * <https://bbs.pediy.com/thread-198194.htm>
  * <https://wooyun.js.org/drops/CVE-2014-4113%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E8%BF%87%E7%A8%8B%E5%88%86%E6%9E%90.html>
  * <http://www.netfairy.net/?post=209>
* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2014-4113> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)
  * <https://github.com/sam-b/CVE-2014-4113> : [![stars](https://camo.githubusercontent.com/d57e38f91375b2fd7ea010c45f72158b70c2ac07dbf09128bcb932227b848db4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73616d2d622f4356452d323031342d343131332e737667)](https://camo.githubusercontent.com/d57e38f91375b2fd7ea010c45f72158b70c2ac07dbf09128bcb932227b848db4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f73616d2d622f4356452d323031342d343131332e737667) [![forks](https://camo.githubusercontent.com/969bf1d76b7c904a33a7449c6b66d5ebe61ebce57a67a1b15fafa191de6d847f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f73616d2d622f4356452d323031342d343131332e737667)](https://camo.githubusercontent.com/969bf1d76b7c904a33a7449c6b66d5ebe61ebce57a67a1b15fafa191de6d847f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f73616d2d622f4356452d323031342d343131332e737667)
  * <https://github.com/nsxz/Exploit-CVE-2014-4113> : [![stars](https://camo.githubusercontent.com/4f9c81e9b90d2bf3dcd66d2ddc45a5d5bfd26b8ad655adf653eba14f27112c94/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e73787a2f4578706c6f69742d4356452d323031342d343131332e737667)](https://camo.githubusercontent.com/4f9c81e9b90d2bf3dcd66d2ddc45a5d5bfd26b8ad655adf653eba14f27112c94/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6e73787a2f4578706c6f69742d4356452d323031342d343131332e737667) [![forks](https://camo.githubusercontent.com/3e3b31c0a42a0147e662ccbf4a09880d64b820bd598aa5c40e3599bb734c77fd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6e73787a2f4578706c6f69742d4356452d323031342d343131332e737667)](https://camo.githubusercontent.com/3e3b31c0a42a0147e662ccbf4a09880d64b820bd598aa5c40e3599bb734c77fd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6e73787a2f4578706c6f69742d4356452d323031342d343131332e737667)
  * <https://github.com/johnjohnsp1/CVE-2014-4113> : [![stars](https://camo.githubusercontent.com/6fdd91944e49d6035733bad8f080207658aaf09d5375eaecbc1d0ef60ef72b99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a6f686e6a6f686e7370312f4356452d323031342d343131332e737667)](https://camo.githubusercontent.com/6fdd91944e49d6035733bad8f080207658aaf09d5375eaecbc1d0ef60ef72b99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6a6f686e6a6f686e7370312f4356452d323031342d343131332e737667) [![forks](https://camo.githubusercontent.com/b06857119e299a8a7cf2c2453fcdf5f1114e72871bf1d35588c3adbbac920d91/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6a6f686e6a6f686e7370312f4356452d323031342d343131332e737667)](https://camo.githubusercontent.com/b06857119e299a8a7cf2c2453fcdf5f1114e72871bf1d35588c3adbbac920d91/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6a6f686e6a6f686e7370312f4356452d323031342d343131332e737667)
  * <https://github.com/wikiZ/cve-2014-4113> : [![stars](https://camo.githubusercontent.com/e451f0c43ae6500c596efbda8e9371edba46de6c2847632ac679a1ff547625c9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f77696b695a2f6376652d323031342d343131332e737667)](https://camo.githubusercontent.com/e451f0c43ae6500c596efbda8e9371edba46de6c2847632ac679a1ff547625c9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f77696b695a2f6376652d323031342d343131332e737667) [![forks](https://camo.githubusercontent.com/f63f5217b4e4863b104477228a9bb8c2bf83406a14a439a106dea5eedce51f0a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f77696b695a2f6376652d323031342d343131332e737667)](https://camo.githubusercontent.com/f63f5217b4e4863b104477228a9bb8c2bf83406a14a439a106dea5eedce51f0a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f77696b695a2f6376652d323031342d343131332e737667)

### CVE-2014-4076 (MS14-070)

> Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://bbs.pediy.com/thread-198600.htm>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-070> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2014-4076> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)
  * <https://github.com/dev-zzo/exploits-nt-privesc/tree/master/MS14-070> : [![stars](https://camo.githubusercontent.com/0351968a0bd7147cc2af112327cf08f0887325ca91abc056deb18d753df29c1f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667)](https://camo.githubusercontent.com/0351968a0bd7147cc2af112327cf08f0887325ca91abc056deb18d753df29c1f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667) [![forks](https://camo.githubusercontent.com/512bd1aca22370c891ffd07fa737745d707dbf44133b7909a5a91723e4f1ddc1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667)](https://camo.githubusercontent.com/512bd1aca22370c891ffd07fa737745d707dbf44133b7909a5a91723e4f1ddc1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667)
  * <https://github.com/fungoshacks/CVE-2014-4076> : [![stars](https://camo.githubusercontent.com/7f3a7f4a0e7f0f31b8812f4baf73e210de343cd3c99e3e82dc21c9bd4685d59a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f66756e676f736861636b732f4356452d323031342d343037362e737667)](https://camo.githubusercontent.com/7f3a7f4a0e7f0f31b8812f4baf73e210de343cd3c99e3e82dc21c9bd4685d59a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f66756e676f736861636b732f4356452d323031342d343037362e737667) [![forks](https://camo.githubusercontent.com/1cb9afa427ca1fe753e1a7c5706228a883575230b55ecc6c14e70bd89461a6e0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f66756e676f736861636b732f4356452d323031342d343037362e737667)](https://camo.githubusercontent.com/1cb9afa427ca1fe753e1a7c5706228a883575230b55ecc6c14e70bd89461a6e0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f66756e676f736861636b732f4356452d323031342d343037362e737667)

### CVE-2014-1767 (MS14-040)

> Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

* **Analyse**
  * <https://xz.aliyun.com/t/6770>
  * <https://www.bbsmax.com/A/E35p6R28zv/>
* **Exp**
  * <https://www.exploit-db.com/exploits/39446/>
  * <https://www.exploit-db.com/exploits/39525/>
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-040> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2014-1767> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)
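
Before reaching for any of the exploits catalogued on this page, the practical question is which of the corresponding bulletins a host is actually missing. The script below is an added example, not code from this page or from any repository linked here: it takes the text of `systeminfo` copied off a host and reports the catalogued CVEs whose bulletin applies to that OS and whose patch KB is absent, in the spirit of the Windows-Exploit-Suggester approach. The CVE-to-KB table covers a subset of this page's entries, with the KB number taken from each Microsoft bulletin title; the OS applicability strings are reduced from the NVD text quoted above; both `systeminfo` samples are constructed.

```python
"""Which catalogued bulletins is a host still missing, judged from `systeminfo`?

Added example. CATALOGUE covers a subset of the CVEs on this page; extend it
from the Microsoft bulletins for the rest.
"""
from __future__ import annotations

import re

# CVE -> (bulletin, bulletin KB, OS name substrings it applies to, x64 only).
# OS substrings are matched against systeminfo's "OS Name" line, so they are
# coarse ("Windows 8" also matches "Windows 8.1"); tighten them if that matters.
CATALOGUE: dict[str, tuple[str, str, tuple[str, ...], bool]] = {
    "CVE-2015-0002": ("MS15-001", "KB3023266",
                      ("Windows 7", "Server 2008 R2", "Windows 8", "Server 2012"), False),
    # KDC bug: only meaningful on domain controllers, hence server families only.
    "CVE-2014-6324": ("MS14-068", "KB3011780",
                      ("Server 2003", "Server 2008", "Server 2012"), False),
    "CVE-2014-6321": ("MS14-066", "KB2992611",
                      ("Server 2003", "Vista", "Server 2008", "Windows 7", "Windows 8", "Server 2012"), False),
    "CVE-2014-4113": ("MS14-058", "KB3000061",
                      ("Server 2003", "Vista", "Server 2008", "Windows 7", "Windows 8", "Server 2012"), False),
    "CVE-2014-1767": ("MS14-040", "KB2975684",
                      ("Server 2003", "Vista", "Server 2008", "Windows 7", "Windows 8", "Server 2012"), False),
    "CVE-2013-5065": ("MS14-002", "KB2914368", ("Windows XP", "Server 2003"), False),
    "CVE-2013-1345": ("MS13-053", "KB2850851",
                      ("Windows XP", "Server 2003", "Vista", "Server 2008", "Windows 7", "Windows 8", "Server 2012"), False),
    # sysret: affects x86-64 kernels only.
    "CVE-2012-0217": ("MS12-042", "KB2711167", ("Server 2008 R2", "Windows 7"), True),
}

KB_RE = re.compile(r"\bKB\d{6,7}\b")


def parse_systeminfo(text: str) -> tuple[str, str, set[str]]:
    """Pull OS name, system type and the set of installed KBs out of systeminfo output."""
    os_name = arch = ""
    kbs: set[str] = set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "OS Name":
            os_name = value.strip()
        elif key.strip() == "System Type":
            arch = value.strip()
        kbs.update(KB_RE.findall(line))      # the "[NN]: KBxxxxxxx" hotfix lines
    return os_name, arch, kbs


def missing_patches(systeminfo_text: str) -> list[tuple[str, str, str]]:
    """Return (CVE, bulletin, KB) for each applicable bulletin whose KB is not installed."""
    os_name, arch, installed = parse_systeminfo(systeminfo_text)
    is_x64 = "x64" in arch
    findings = []
    for cve, (bulletin, kb, families, x64_only) in CATALOGUE.items():
        if not any(f in os_name for f in families):
            continue                          # bulletin does not cover this OS
        if x64_only and not is_x64:
            continue
        if kb in installed:
            continue                          # the bulletin's own KB is present
        findings.append((cve, bulletin, kb))
    return findings


# Constructed samples in systeminfo's layout (not captured from real hosts).
SAMPLE_SYSTEMINFO_WIN7 = """\
Host Name:                 WKS01
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
System Type:               x64-based PC
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB2975684
                           [02]: KB3000061
"""

SAMPLE_SYSTEMINFO_DC = """\
Host Name:                 DC01
OS Name:                   Microsoft Windows Server 2008 R2 Standard
OS Version:                6.1.7601 Service Pack 1 Build 7601
System Type:               x64-based PC
Hotfix(s):                 1 Hotfix(s) Installed.
                           [01]: KB2992611
"""

if __name__ == "__main__":
    for label, sample in (("WKS01", SAMPLE_SYSTEMINFO_WIN7), ("DC01", SAMPLE_SYSTEMINFO_DC)):
        print(label)
        for cve, bulletin, kb in missing_patches(sample):
            print(f"  {cve} ({bulletin}) - {kb} not installed")
```

A missing bulletin KB is a lead, not proof: later cumulative updates supersede these KBs without listing them, and `systeminfo` only reports what the QFE store records. Confirm by checking the file version of the patched binary (win32k.sys, afd.sys, ndproxy.sys, kdcsvc.dll and so on) against the bulletin before treating a host as exploitable.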

## 2013

### CVE-2013-5065 (MS14-002)

> NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

* **Analyse**
  * <https://bbs.pediy.com/thread-182135.htm>
* **Exp**
  * <https://www.exploit-db.com/exploits/37732/>
  * <https://github.com/dev-zzo/exploits-nt-privesc/tree/master/MS14-002> : [![stars](https://camo.githubusercontent.com/0351968a0bd7147cc2af112327cf08f0887325ca91abc056deb18d753df29c1f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667)](https://camo.githubusercontent.com/0351968a0bd7147cc2af112327cf08f0887325ca91abc056deb18d753df29c1f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667) [![forks](https://camo.githubusercontent.com/512bd1aca22370c891ffd07fa737745d707dbf44133b7909a5a91723e4f1ddc1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667)](https://camo.githubusercontent.com/512bd1aca22370c891ffd07fa737745d707dbf44133b7909a5a91723e4f1ddc1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6465762d7a7a6f2f6578706c6f6974732d6e742d707269766573632e737667)
  * <https://github.com/Friarfukd/RobbinHood> : [![stars](https://camo.githubusercontent.com/45b1905eac3bd3e1b9659587d6de6d73bdd496c3fe7879049d4bbcb8fe4f9234/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f467269617266756b642f526f6262696e486f6f642e737667)](https://camo.githubusercontent.com/45b1905eac3bd3e1b9659587d6de6d73bdd496c3fe7879049d4bbcb8fe4f9234/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f467269617266756b642f526f6262696e486f6f642e737667) [![forks](https://camo.githubusercontent.com/6c0fb593698398bcaf2e89c407757402bd153e3f5c2dc4c053149a4b1f7b3417/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f467269617266756b642f526f6262696e486f6f642e737667)](https://camo.githubusercontent.com/6c0fb593698398bcaf2e89c407757402bd153e3f5c2dc4c053149a4b1f7b3417/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f467269617266756b642f526f6262696e486f6f642e737667)

### CVE-2013-1345 (MS13-053)

> win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS13-053> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2013-1345> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)

### CVE-2013-1332 (MS13-046)

> dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."

* **Analyse**
  * <https://www.anquanke.com/vul/id/1045064>
  * <http://www.91ri.org/6708.html>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS13-046> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2013-1332> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)

### CVE-2013-1300 (MS13-053)

> win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."

* **Analyse**
  * <https://labs.mwrinfosecurity.com/blog/2013/09/06/mwr-labs-pwn2own-2013-write-up---kernel-exploit/>
* **Exp**
  * <https://github.com/Meatballs1/cve-2013-1300> : [![stars](https://camo.githubusercontent.com/3aa5a14d21881ef53f0586a6ff6d3a04c7690b567223ad97fe720b55993641cf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4d65617462616c6c73312f6376652d323031332d313330302e737667)](https://camo.githubusercontent.com/3aa5a14d21881ef53f0586a6ff6d3a04c7690b567223ad97fe720b55993641cf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4d65617462616c6c73312f6376652d323031332d313330302e737667) [![forks](https://camo.githubusercontent.com/9895d817b60396184ff9dcb4611e717e9c347dadbdd9864aaba268954e4201e2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4d65617462616c6c73312f6376652d323031332d313330302e737667)](https://camo.githubusercontent.com/9895d817b60396184ff9dcb4611e717e9c347dadbdd9864aaba268954e4201e2/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4d65617462616c6c73312f6376652d323031332d313330302e737667)

### CVE-2013-0008 (MS13-005)

> win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS13-005> : [![stars](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/ed4a353467f070cfd0af05a19cc6ad169f925cda3fcdde21664d1387edc44bcb/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)](https://camo.githubusercontent.com/bce5d791dba404839bcfa5f16d8ce8673250873f22450b1085953225bfac4a99/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f53656357696b692f77696e646f77732d6b65726e656c2d6578706c6f6974732e737667)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2013-0008> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)

## 2012

### CVE-2012-0217 (MS12-042)

> The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS12-042>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2012-0217>

### CVE-2012-0152 (MS12-020)

> The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS12-020>
  * <https://github.com/rutvijjethwa/RDP_jammer>
  * <https://github.com/anmolksachan/MS12-020>

### CVE-2012-0002 (MS12-020)

> The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS12-020>

## 2011

### CVE-2011-2005 (MS11-080)

> afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

* **Analyse**
  * <http://qq53.github.io/1500623869.html>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-080>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2011-2005>

### CVE-2011-1974 (MS11-062)

> NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-062>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2011-1974>

### CVE-2011-1249 (MS11-046)

> The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

* **Analyse**
  * github <https://github.com/Madusanka99/OHTS/blob/master/IT16075504%20-OHTS%20Report.pdf>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-046>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2011-1249>

### CVE-2011-1237 (MS11-034)

> Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."

* **Analyse**
  * <https://lse.epita.fr/lse-summer-week-2013/slides/lse-summer-week-2013-26-Bruno%20Pujos-A%20Look%20into%20the%20Windows%20Kernel.pdf>
* **Exp**
  * <https://github.com/BrunoPujos/CVE-2011-1237>

### CVE-2011-0045 (MS11-011)

> The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."

* **Analyse**
  * <https://blog.csdn.net/QEver/article/details/6227415>
  * <https://www.geek-share.com/detail/2510409740.html>
  * <https://bbs.pediy.com/thread-130487.htm>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-011>

## 2010

### CVE-2010-3338 (MS10-092)

> The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS10-092>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2010-3338>

### CVE-2010-2730 (MS10-065)

> Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

* **Analyse**
  * <https://blog.51cto.com/gnaw0725/1635204>
  * <https://www.youtube.com/watch?v=23Mtx1F_CM0>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS10-065>

### CVE-2010-2554 (MS10-059)

> The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS10-059>

### CVE-2010-1897 (MS10-048)

> The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."

* **Exp**
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2010-1897>

### CVE-2010-1887 (MS10-048)

> The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS10-048>

### CVE-2010-0270 (MS10-020)

> The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS10-012/MS10-020.py>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2010-0270>

### CVE-2010-0233 (MS10-015)

> Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-015>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2010-0233>

### CVE-2010-0020 (MS10-012)

> The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS10-012/MS10-012.txt>

## 2009

### CVE-2009-2532 (MS09-050)

> Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."

* **Analyse**
  * <https://www.giantbranch.cn/2017/08/26/Educatedscholar%E5%88%A9%E7%94%A8%E7%9A%84%E6%BC%8F%E6%B4%9Ems09-050%E5%88%86%E6%9E%90%E5%8F%8A%E5%85%B6%E5%88%A9%E7%94%A8%E7%9A%84shellcode%E5%88%86%E6%9E%90%E5%8F%8A%E4%B8%8Emsf%E5%88%A9%E7%94%A8%E5%AF%B9%E6%AF%94/>
  * <https://zhuanlan.zhihu.com/p/27155431>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS09-050>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2009-2532>
  * <https://github.com/mazding/ms09050>

### CVE-2009-1535 (MS09-020)

> The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.

* **Analyse**
  * <https://www.twblogs.net/a/5b96d7fd2b717750bda69ce9>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS09-020>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2009-1535>

### CVE-2009-0229 (MS09-022)

> The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

* **PoC**
  * <https://github.com/zveriu/CVE-2009-0229-PoC>

### CVE-2009-0079 (MS09-012)

> The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."

* **Analyse**
  * <https://xz.aliyun.com/t/8091>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS09-012>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2009-0079>

## 2008

### CVE-2008-4250 (MS08-067)

> The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

* **Analyse**
  * <https://bbs.pediy.com/thread-251219.htm>
  * <https://www.jianshu.com/p/d086eb1ab0a6>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS08-067>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2008-4250>
  * <https://github.com/andyacer/ms08_067>
  * <https://github.com/dnkls/ms08-067automation>

### CVE-2008-4037 (MS08-068)

> Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.

* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS08-068>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2008-4037>

### CVE-2008-3464 (MS08-066)

> afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."

* **Analyse**
  * <https://bbs.pediy.com/thread-74811.htm>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS08-066>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2008-3464>

### CVE-2008-1084 (MS08-025)

> Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.

* **Analyse**
  * GitHub: <https://github.com/lyshark/Windows-exploits/blob/master/Windows%20%E5%86%85%E6%A0%B8%E6%BC%8F%E6%B4%9E%20ms08025%20%E5%88%86%E6%9E%90.7z>
  * <https://bbs.pediy.com/thread-63099.htm>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS08-025>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2008-1084>

## 2007

### CVE-2007-0843

> The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

* **Exp**
  * <https://github.com/z3APA3A/spydir>

### CVE-2007-0038

> Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

* **PoC**
  * <https://github.com/Axua/CVE-2007-0038>
  * <https://github.com/Cheesse/cve2007-0038x64>

## 2006

### CVE-2006-3439 (MS06-040)

> Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

* **Analyse**
  * <http://www.atomsec.org/%E5%AE%89%E5%85%A8/ms06-040cve-2006-3439%E9%9D%99%E6%80%81%E5%88%86%E6%9E%90/>
  * <https://bbs.pediy.com/thread-266157.htm>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS06-040>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2006-3439>

## 2005

### CVE-2005-1983 (MS05-039)

> Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

* **Analyse**
  * <https://blog.csdn.net/tomqq/article/details/1951128>
* **Exp**
  * <https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS05-039>
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2005-1983>

## 2003

### CVE-2003-0352 (MS03-026)

> Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

* **Analyse**
  * <https://blog.51cto.com/executer/2174779>
* **Exp**
  * <https://github.com/abatchy17/WindowsExploits/tree/master/MS03-026> : [![stars](https://camo.githubusercontent.com/afd92b4d91e8f2194d07a4d6ae0bba5830748706427483708c8c847420b86050/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6162617463687931372f57696e646f77734578706c6f6974732e737667)](https://camo.githubusercontent.com/afd92b4d91e8f2194d07a4d6ae0bba5830748706427483708c8c847420b86050/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6162617463687931372f57696e646f77734578706c6f6974732e737667) [![forks](https://camo.githubusercontent.com/092f5533a4892310b6d149e9a68b0282a1dcdb13798791276eeee6f53b8c638d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6162617463687931372f57696e646f77734578706c6f6974732e737667)](https://camo.githubusercontent.com/092f5533a4892310b6d149e9a68b0282a1dcdb13798791276eeee6f53b8c638d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f6162617463687931372f57696e646f77734578706c6f6974732e737667)
  * <https://github.com/Ascotbe/Kernelhub/tree/master/CVE-2003-0352> : [![stars](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/569d3339a1a40ee11aa216a4a52b50999608ff0af48706275b4eddee860619a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f4173636f7462652f4b65726e656c6875622e737667) [![forks](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)](https://camo.githubusercontent.com/d1d02bb607b0a21f44e1509f3e6f85c441c8514fd663e78a4cd25c10b5329569/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f4173636f7462652f4b65726e656c6875622e737667)

## 2000

### CVE-2000-0979

> File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

* **Exp**
  * <https://github.com/Z6543/CVE-2000-0979> : [![stars](https://camo.githubusercontent.com/1d9e8573a7fa11d672ee1d4a7f8c24294af55d21975accc4a7c47bca1d4b823d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f5a363534332f4356452d323030302d303937392e737667)](https://camo.githubusercontent.com/1d9e8573a7fa11d672ee1d4a7f8c24294af55d21975accc4a7c47bca1d4b823d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f5a363534332f4356452d323030302d303937392e737667) [![forks](https://camo.githubusercontent.com/d9ebdeee294923f1dc060151017ee2beab719b35f9fc4726cafd9b83ddaa0dc7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f5a363534332f4356452d323030302d303937392e737667)](https://camo.githubusercontent.com/d9ebdeee294923f1dc060151017ee2beab719b35f9fc4726cafd9b83ddaa0dc7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f5a363534332f4356452d323030302d303937392e737667)
