CVE-2004-1748

sysinternals regmon < 6.11 - Denial of Service via Invalid Hook Function Pointers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1748. PoCs published by Next Generation Security.

AI-analyzed exploit summary This exploit triggers a local denial of service in Regmon (up to version 6.11) by passing NULL pointers to the ZwSetValueKey function, causing the application to crash. It leverages a lack of input validation in the kernel function handling.

Description

NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Next Generation Security · cdoswindows

https://www.exploit-db.com/exploits/24411

View Code ZIP pw:eip

This exploit triggers a local denial of service in Regmon (up to version 6.11) by passing NULL pointers to the ZwSetValueKey function, causing the application to crash. It leverages a lack of input validation in the kernel function handling.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Regmon 6.11 for NT/9x and prior

No auth needed

Prerequisites: Local access to the target system · Regmon running with vulnerable version

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11042

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109345177124374&w=2

Exploit x_refsource_misc

http://www.ngsec.com/docs/advisories/NGSEC-2004-7.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17106

Scores

EPSS 0.0082

EPSS Percentile 52.3%

Details

Status published

Products (1)

sysinternals/regmon < 6.11

Published Dec 31, 2004

Tracked Since Feb 18, 2026