A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys, can allow an attacker to inject controlled memory into an arbitrary location within the kernel.
a10f3a60dd5ca145c224a448fbe2a59eb98a01bc4f0e54ff4952738ca7c1e8d5
The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. By crafting an input buffer that will be passed to the Tcp device through the NtDeviceIoControlFile() function, it is possible to trigger a vulnerability that would allow an attacker to elevate privileges. Proof of concept exploit included.
9d61f1a5823955c19741ad2d57e256f3641cf2f035e04e442eac8b77fd3054ea