CVE-2024-30038

HIGH

Windows 10 1507-22H2 and Windows 11 21H2-23H2 - Elevation of Privilege via Win32k Heap-based Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-30038. PoCs published by tykawaii98, jheysel-r7, including Metasploit module exploits/windows/local/cve_2024_30088_authz_basep.

AI-analyzed exploit summary This Metasploit module exploits CVE-2024-30088, a Windows Kernel Time of Check Time of Use (TOCTOU) vulnerability in AuthzBasepCopyoutInternalSecurityAttributes, allowing local privilege escalation (LPE) by manipulating token objects.

Description

Win32k Elevation of Privilege Vulnerability

Exploits (1)

metasploit WORKING POC EXCELLENT

by tykawaii98, jheysel-r7 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2024_30088_authz_basep.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2024-30088, a Windows Kernel Time of Check Time of Use (TOCTOU) vulnerability in AuthzBasepCopyoutInternalSecurityAttributes, allowing local privilege escalation (LPE) by manipulating token objects.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Windows 10, Windows 11, Windows Server 2019/2022 (specific builds)

Auth required

Prerequisites: Local access to a vulnerable Windows system · Meterpreter session

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30038

Scores

CVSS v3 7.8

EPSS 0.0255

EPSS Percentile 83.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-122

Status published

Products (14)

microsoft/windows_10_1507 < 10.0.10240.20651 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.6981 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.5820

microsoft/windows_10_21h2 < 10.0.19044.4412

microsoft/windows_10_22h2 < 10.0.19045.4412

microsoft/windows_11_21h2 < 10.0.22000.2960

microsoft/windows_11_22h2 < 10.0.22621.3593

microsoft/windows_11_23h2 < 10.0.22631.3593

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

... and 4 more

Published May 14, 2024

Tracked Since Feb 18, 2026