Exploitation Summary
CVE-2014-4113 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 4, 2022.
EIP tracks 12 public exploits from researchers including ryujin, Metasploit, and MWR InfoSecurity, among them the Metasploit module exploits/windows/local/ms14_058_track_popup_menu.
AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in Windows 8.0-8.1 x64 via the TrackPopupMenu function (CVE-2014-4113). It uses shellcode to spawn a command prompt with elevated privileges by manipulating menu structures and hooking window procedures.
Description
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
Exploits (12)
This exploit leverages a privilege escalation vulnerability in Windows 8.0-8.1 x64 via the TrackPopupMenu function (CVE-2014-4113). It uses shellcode to spawn a command prompt with elevated privileges by manipulating menu structures and hooking window procedures.
This Metasploit module exploits a NULL pointer dereference in win32k.sys via TrackPopupMenu to achieve arbitrary code execution. It supports both 32-bit and 64-bit Windows systems (XP, 2003, 7, 2008) and uses reflective DLL injection for payload delivery.
The provided content references a detailed technical analysis and exploit code for CVE-2014-4113, a Windows kernel vulnerability. It includes links to a PDF writeup and GitHub repository, but the actual exploit code is hosted externally in a bin-sploits archive.
The code is a proof-of-concept exploit for CVE-2014-4113, targeting a Windows kernel vulnerability. It includes shellcode and functions to manipulate system handles and processes, likely for privilege escalation.
This exploit targets CVE-2014-4113, a Windows kernel vulnerability, by manipulating menu window messages to achieve arbitrary code execution. It includes token-stealing shellcode for local privilege escalation (LPE) on Windows 7 SP1 x86 systems.
This is a functional privilege escalation exploit for CVE-2014-4113, targeting Windows XP and Windows 7 x86 systems. It leverages a kernel vulnerability to replace a process token with a SYSTEM token, achieving local privilege escalation.
This PowerShell script reflectively loads a DLL/EXE into memory, bypassing process monitoring and disk-based detection. It supports remote execution and can inject DLLs into remote processes, making it useful for post-exploitation activities.
This repository contains a functional proof-of-concept exploit for CVE-2014-4113, a Windows kernel vulnerability. The exploit leverages a callback mechanism to manipulate window messages and trigger a use-after-free condition, demonstrating the vulnerability in a controlled manner.
This Metasploit module exploits a NULL pointer dereference in win32k.sys via TrackPopupMenu, leading to arbitrary code execution. It supports both x86 and x64 architectures and has been tested on multiple Windows versions.
This repository contains documentation and metadata generation scripts for a collection of Windows kernel exploits, including CVE-2014-4113. It does not include actual exploit code but provides structured documentation and configuration files for organizing exploit information.
This repository contains a PowerShell script for reflectively loading DLL/EXE files into memory, which can be used to exploit CVE-2014-4113 (a Windows OLE vulnerability). The script supports remote execution and memory injection, bypassing process monitoring.
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H