CVE-2021-28476

This repository contains a functional proof-of-concept exploit for CVE-2021-28476, a guest-to-host Hyper-V Remote Code Execution vulnerability in vmswitch.sys. The exploit leverages a malicious RNDIS packet sent over VMBus to trigger an arbitrary memory read in the host system.

The repository describes multiple vulnerabilities in Microsoft Hyper-V's vmswitch component, specifically involving WPP code handling of set OID requests, leading to pointer dereference and out-of-bounds read issues. It references an external technical advisory for detailed analysis.

The repository contains only a minimal README with a brief description of CVE-2021-28476, a Hyper-V guest-to-host RCE vulnerability in vmswitch.sys, but no actual exploit code or technical details.

This repository contains a functional exploit PoC for CVE-2021-28476, targeting a vulnerability in the Hyper-V network driver. It includes modified kernel module source code and tools to compile, load, and execute the exploit.

This repository contains a functional proof-of-concept exploit for CVE-2021-28476, a guest-to-host Hyper-V Remote Code Execution vulnerability in vmswitch.sys. The exploit leverages a malicious RNDIS packet sent over VMBus to trigger an arbitrary memory read in the host system.

This repository contains a functional exploit PoC for CVE-2021-28476, which leverages an arbitrary pointer dereference vulnerability in Hyper-V's vmswitch.sys driver. The exploit triggers a DoS condition by sending a crafted OID request from a guest VM, causing the host kernel to crash.