CVE-2024-26230

HIGH

Windows Telephony Server - Use-After-Free Elevation of Privilege

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-26230. PoCs published by Wa1nut4, kiwids0220.

AI-analyzed exploit summary This exploit PoC demonstrates a use-after-free (UAF) vulnerability in the Windows Telephony API (tapsrv) to achieve arbitrary code execution. It manipulates RPC calls to trigger UAF conditions, leaks memory addresses, and ultimately loads a malicious DLL via LoadLibraryW.

Description

Windows Telephony Server Elevation of Privilege Vulnerability

Exploits (2)

nomisec WORKING POC 23 stars

by Wa1nut4 · poc

https://github.com/Wa1nut4/CVE-2024-26230

View Code ZIP pw:eip

This exploit PoC demonstrates a use-after-free (UAF) vulnerability in the Windows Telephony API (tapsrv) to achieve arbitrary code execution. It manipulates RPC calls to trigger UAF conditions, leaks memory addresses, and ultimately loads a malicious DLL via LoadLibraryW.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Windows Telephony API (tapsrv)

No auth needed

Prerequisites: Access to the target system · Ability to execute arbitrary code on the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 3 stars

by kiwids0220 · poc

https://github.com/kiwids0220/CVE-2024-26230

View Code ZIP pw:eip

This PoC exploits CVE-2024-26230, a vulnerability in the TAPI service, by leveraging RPC calls to trigger memory corruption or arbitrary code execution. The code includes functions to manipulate RPC bindings and craft malicious requests to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Windows TAPI Service (specific version not specified)

No auth needed

Prerequisites: Network access to the target system · TAPI service running on the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230

Scores

CVSS v3 7.8

EPSS 0.2429

EPSS Percentile 97.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (16)

microsoft/windows_10_1507 < 10.0.10240.20596 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.6897 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.5696

microsoft/windows_10_21h2 < 10.0.19044.4291

microsoft/windows_10_22h2 < 10.0.19045.4291

microsoft/windows_11_21h2 < 10.0.22000.2899

microsoft/windows_11_22h2 < 10.0.22621.3447

microsoft/windows_11_23h2 < 10.0.22631.3447

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

... and 6 more

Published Apr 09, 2024

Tracked Since Feb 18, 2026