CVE-2017-15303

HIGH · EXPLOITED IN THE WILD

CPUID CPU-Z < 1.42 - Unauthenticated Arbitrary Memory Write via ioctl 0x9C402430

Exploitation Summary

CVE-2017-15303 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including hfiref0x, The-Real-TechLord.

AI-analyzed exploit summary: Stryker is a multi-purpose PoC tool leveraging CVE-2017-15303 (CPU-Z driver vulnerability) to bypass Driver Signature Enforcement, hijack protected processes, and load unsigned drivers into kernel mode. It uses physical memory manipulation and shellcode injection via SysInternals Process Explorer driver.

Description

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).

Exploits (2)

nomisec WORKING POC 110 stars
by hfiref0x · local
https://github.com/hfiref0x/Stryker

Stryker is a multi-purpose PoC tool leveraging CVE-2017-15303 (CPU-Z driver vulnerability) to bypass Driver Signature Enforcement, hijack protected processes, and load unsigned drivers into kernel mode. It uses physical memory manipulation and shellcode injection via SysInternals Process Explorer driver.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Windows 7/8/8.1/10 (x64) with CPU-Z driver 1.41 and Process Explorer driver 1.52
Auth required
Prerequisites: Administrative privileges · Presence of vulnerable CPU-Z driver (cpuz141.sys) · SysInternals Process Explorer driver (procexp152.sys)
devstral-2 · analyzed Feb 16, 2026
gitlab WORKING POC
by The-Real-TechLord · poc
https://gitlab.com/The-Real-TechLord/Stryker

Stryker is a multi-purpose proof-of-concept tool that exploits CVE-2017-15303 in CPU-Z's driver to achieve kernel-level memory manipulation, including disabling Driver Signature Enforcement, hijacking protected processes, and loading unsigned drivers. It leverages physical memory read/write capabilities via the vulnerable CPU-Z driver (version 1.41) and SysInternals Process Explorer driver (version 1.52) for shellcode execution.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: CPU-Z driver (version 1.41) and SysInternals Process Explorer driver (version 1.52) on Windows 7/8/8.1/10 (x64)
Auth required
Prerequisites: Administrative privileges · Presence of cpuz141.sys and procexp152.sys in the same directory · x64 Windows 7/8/8.1/10
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0153
EPSS Percentile: 71.4%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2021-12-13
InTheWild.io: 2021-12-13
CWE: CWE-787
Status: published
Products (1): cpuid/cpu-z < 1.42
Published: Oct 16, 2017
Tracked Since: Feb 18, 2026