CVE-2014-4076

Related Files

Windows tcpip.sys Arbitrary Write Privilege Escalation

Posted Feb 5, 2015

Authored by Matt Bergin, Jay Smith | Site metasploit.com

A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys, can allow an attacker to inject controlled memory into an arbitrary location within the kernel.

tags | exploit, arbitrary, kernel, tcp, protocol

advisories | CVE-2014-4076

SHA-256 | a10f3a60dd5ca145c224a448fbe2a59eb98a01bc4f0e54ff4952738ca7c1e8d5

Download | Favorite | View

Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation

Posted Jan 29, 2015

Authored by Matthew Bergin

The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. By crafting an input buffer that will be passed to the Tcp device through the NtDeviceIoControlFile() function, it is possible to trigger a vulnerability that would allow an attacker to elevate privileges. Proof of concept exploit included.

tags | exploit, tcp, proof of concept

systems | windows

advisories | CVE-2014-4076

SHA-256 | 9d61f1a5823955c19741ad2d57e256f3641cf2f035e04e442eac8b77fd3054ea

Download | Favorite | View