CVE-2007-3681

WinPcap - Memory Corruption via IOCTL 9031 BIOCGSTATS Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3681. PoCs published by Mario Ballano BÃ¡rcena.

AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in WinPcap's NPF.SYS driver (CVE-2007-3681). It manipulates the driver's IOCTL handling to overwrite kernel memory, achieving arbitrary code execution in kernel mode via a crafted shellcode.

Description

The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mario Ballano BÃ¡rcena · clocalwindows

https://www.exploit-db.com/exploits/4165

View Code ZIP pw:eip

This exploit targets a privilege escalation vulnerability in WinPcap's NPF.SYS driver (CVE-2007-3681). It manipulates the driver's IOCTL handling to overwrite kernel memory, achieving arbitrary code execution in kernel mode via a crafted shellcode.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: WinPcap versions 4.0 and prior

No auth needed

Prerequisites: WinPcap driver loaded (e.g., after using Wireshark) · Non-admin user access

MITRE ATT&CK