Metasploit

1,875 exploits Active since Aug 1990
EIP-2026-117599 EXPLOITDB ruby WORKING POC
Millenium MP3 Studio 2.0 - '.pls' Local Stack Buffer Overflow (Metasploit)
CVE-2014-1761 EXPLOITDB HIGH ruby WORKING POC
Microsoft Word <2013 - Memory Corruption
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
CVSS 7.8
CVE-2010-3333 EXPLOITDB HIGH ruby WORKING POC
Microsoft Office - Buffer Overflow
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
CVSS 7.8
CVE-2016-0051 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows 10 - Access Control
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2016-0099 EXPLOITDB HIGH ruby WORKING POC
MS16-032 Secondary Logon Handle Privilege Escalation
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2019-0841 EXPLOITDB HIGH ruby WORKING POC
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
CVSS 7.8
EIP-2026-117555 EXPLOITDB ruby WORKING POC
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
EIP-2026-117554 EXPLOITDB ruby WORKING POC
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
EIP-2026-117553 EXPLOITDB ruby WORKING POC
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
EIP-2026-117552 EXPLOITDB ruby WORKING POC
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
EIP-2026-117541 EXPLOITDB ruby WORKING POC
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
EIP-2026-117540 EXPLOITDB ruby WORKING POC
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
EIP-2026-117538 EXPLOITDB ruby WORKING POC
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
EIP-2026-117537 EXPLOITDB ruby WORKING POC
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
CVE-2013-3881 EXPLOITDB ruby WORKING POC
Microsoft Windows 7 - Resource Management Error
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
CVE-2014-4113 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2010-3888 EXPLOITDB ruby WORKING POC
Microsoft Windows - Privilege Escalation
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
CVE-2018-8120 EXPLOITDB HIGH ruby WORKING POC
Windows SetImeInfoEx Win32k NULL Pointer Dereference
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
CVSS 7.0
EIP-2026-117536 EXPLOITDB ruby WORKING POC
Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)
CVE-2018-8897 EXPLOITDB HIGH ruby WORKING POC
Intel 64 and IA-32 Architectures - Privilege Escalation
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH ruby WORKING POC
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH ruby WORKING POC
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
CVSS 7.8
CVE-2018-8453 EXPLOITDB HIGH ruby WORKING POC
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS 7.8
CVE-2016-3225 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows 10 - Access Control
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
CVSS 7.8
EIP-2026-117534 EXPLOITDB ruby WORKING POC
Microsoft Windows - Manage Memory Payload Injection (Metasploit)