CVE-2009-4832

DESlock+ 4.0.2 - Local Privilege Escalation via IOCTL 0x80012010 Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4832. PoCs published by mu-b.

AI-analyzed exploit summary This exploit targets a local kernel vulnerability in DESlock+ 4.0.2 (dlpcrypt.sys 0.1.1.27) to escalate privileges to SYSTEM by manipulating kernel mode pointers via IOCTL calls. It includes shellcode for token stealing on Windows XP and Windows Server 2003.

Description

The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mu-b · clocalwindows

https://www.exploit-db.com/exploits/8983

View Code ZIP pw:eip

This exploit targets a local kernel vulnerability in DESlock+ 4.0.2 (dlpcrypt.sys 0.1.1.27) to escalate privileges to SYSTEM by manipulating kernel mode pointers via IOCTL calls. It includes shellcode for token stealing on Windows XP and Windows Server 2003.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: DESlock+ 4.0.2 (dlpcrypt.sys 0.1.1.27)

No auth needed

Prerequisites: Local access to the target system · DESlock+ 4.0.2 with vulnerable dlpcrypt.sys driver loaded

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/8983

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35501

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022427

Scores

EPSS 0.0083

EPSS Percentile 52.5%

Details

CWE

CWE-264

Status published

Products (1)

deslock/deslock\+ 4.0.2

Published Apr 29, 2010

Tracked Since Feb 18, 2026