Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-1656. PoCs published by waleedassar.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2021-1656, an information disclosure vulnerability in the Windows TPM driver (tpm.sys). The exploit leverages symbolic link manipulation to disclose sensitive memory contents.
Description
TPM Device Driver Information Disclosure Vulnerability
Exploits (1)
nomisec
WORKING POC
24 stars
by waleedassar · poc
https://github.com/waleedassar/CVE-2021-1656
This repository contains a functional proof-of-concept exploit for CVE-2021-1656, an information disclosure vulnerability in the Windows TPM driver (tpm.sys). The exploit leverages symbolic link manipulation to disclose sensitive memory contents.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:
Microsoft Windows TPM driver (tpm.sys)
No auth needed
Prerequisites:
Access to a vulnerable Windows system with TPM driver loaded
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1656
Scores
CVSS v3
5.5
EPSS
0.0301
EPSS Percentile
85.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
Status
published
Products (18)
microsoft/windows_10
microsoft/windows_10
20h2
microsoft/windows_10
1607
microsoft/windows_10
1803
microsoft/windows_10
1809
microsoft/windows_10
1909
microsoft/windows_10
2004
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 8 more
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026