CVE-2021-27965

CRITICAL

MSI Dragon Center <2.0.98.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-27965. PoCs published by mathisvickie, fengjixuchui, Jeromeyoung.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-27965, a stack-based buffer overflow in the MsIo driver. The exploit leverages ROP gadgets to achieve arbitrary memory writes and ultimately escalate privileges.

Description

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

Exploits (3)

nomisec WORKING POC 12 stars

by mathisvickie · poc

https://github.com/mathisvickie/CVE-2021-27965

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-27965, a stack-based buffer overflow in the MsIo driver. The exploit leverages ROP gadgets to achieve arbitrary memory writes and ultimately escalate privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: MsIo driver (likely a specific version of Windows)

No auth needed

Prerequisites: Access to the vulnerable MsIo driver · Ability to execute code on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by fengjixuchui · poc

https://github.com/fengjixuchui/CVE-2021-27965

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-27965, a buffer overflow in the MsIo64.sys driver allowing local privilege escalation via crafted IOCTL requests. The exploit includes a kernel payload and demonstrates the vulnerability on Windows 7 SP1 64-bit.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: MSI Dragon Center before 2.0.98.0 (MsIo64.sys driver before 1.1.19.1016)

No auth needed

Prerequisites: Local access to a vulnerable Windows system · MSI Dragon Center with vulnerable driver installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by Jeromeyoung · poc

https://github.com/Jeromeyoung/CVE-2021-27965

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-27965, a stack-based buffer overflow in MSI Dragon Center's MsIo64.sys driver, leading to local privilege escalation on Windows 7 x64. The exploit demonstrates control over the instruction pointer and spawns an elevated command shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: MSI Dragon Center (MsIo64.sys driver)

No auth needed

Prerequisites: Windows 7 x64 · MSI Dragon Center with vulnerable MsIo64.sys driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Broken Link, Third Party Advisory x_refsource_misc

https://github.com/kronl/cve/tree/master/MSI_Dragon_Center

View Writeup ZIP pw:eip

Patch, Vendor Advisory x_refsource_misc

https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab

Scores

CVSS v3 9.8

EPSS 0.1184

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

msi/dragon_center < 2.0.98.0

Published Mar 05, 2021

Tracked Since Feb 18, 2026