NDPROXY is a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces (TAPI) services. The vulnerability is caused when the NDProxy.sys kernel component fails to properly validate input. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode (i.e. with SYSTEM privileges).
10347041ea74c6b447143df9dd4aa3555e238a1fcca1ba360cd0d9e113076d9d
This Metasploit module exploits a flaw in the ndproxy.sys driver on Windows XP SP3 and Windows 2003 SP2 systems, exploited in the wild in November, 2013. The vulnerability exists while processing an IO Control Code 0x8fff23c8 or 0x8fff23cc, where user provided input is used to access an array unsafely, and the value is used to perform a call, leading to a NULL pointer dereference which is exploitable on both Windows XP and Windows 2003 systems. This Metasploit module has been tested successfully on Windows XP SP3 and Windows 2003 SP2. In order to work the service "Routing and Remote Access" must be running on the target system.
6dc1df60dff4c2b60d7508a57233b6b3e7f565f218bceb0acc2a53045b172ce0
Microsoft Windows NDPROXY local SYSTEM privilege escalation exploit.
dd6bdb68bcaccda8d1acd0e40e21c622c59fee9f99c088434f4131899b2cdfed