CVE-2006-5758

This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2006-5758) via a maliciously crafted .ANI file, leading to remote elevation of privilege. The exploit leverages a buffer overflow in the handling of animated cursor files to execute arbitrary code.

This exploit demonstrates a local privilege escalation (LPE) vulnerability in Windows GDI (CVE-2006-5758) by manipulating the GDI table to overwrite a win32k.sys SSDT entry, allowing arbitrary kernel code execution. The PoC allocates memory at address 0x2, crafts a payload, and triggers the vulnerability via DeleteObject.

This exploit leverages a GDI local elevation of privilege vulnerability (CVE-2006-5758) by manipulating a palette object in the GDI shared section to execute arbitrary code in kernel mode. It hooks the GetNearestPaletteIndex function to achieve privilege escalation on unpatched Windows 2000/XP systems.