CVE-2019-9729

HIGH

Shanda MapleStory Online V160 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-9729. PoCs published by HyperSine, recozone.

AI-analyzed exploit summary This repository contains a working PoC for CVE-2019-9729, a local privilege escalation vulnerability in SdoKeyCrypt.sys, a driver used by MapleStory Online. The exploit leverages a heap underflow in the IRP_MJ_DEVICE_CONTROL handler to achieve kernel-mode code execution via heap spraying.

Description

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.

Exploits (2)

nomisec WORKING POC 83 stars
by HyperSine · poc
https://github.com/HyperSine/SdoKeyCrypt-sys-local-privilege-elevation

This repository contains a working PoC for CVE-2019-9729, a local privilege escalation vulnerability in SdoKeyCrypt.sys, a driver used by MapleStory Online. The exploit leverages a heap underflow in the IRP_MJ_DEVICE_CONTROL handler to achieve kernel-mode code execution via heap spraying.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: SdoKeyCrypt.sys (MapleStory Online keyboard protection driver)
No auth needed
Prerequisites: SdoKeyCrypt.sys must be loaded · Windows 10 (tested on 1709 and 1803)
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by recozone · poc
https://github.com/recozone/HyperSine

This repository is a README-only writeup referencing CVE-2019-9729, a local privilege escalation vulnerability, and points to another GitHub repository for the actual exploit code. No functional exploit code is present in this repository.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: SdoKeyCrypt.sys (version not specified)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable SdoKeyCrypt.sys driver
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0105
EPSS Percentile 60.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-129 CWE-787
Status published
Products (1)
shanda/maplestory_online 160.0
Published Mar 12, 2019
Tracked Since Feb 18, 2026