EIP-2026-115759

PRE-CVE

Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115759. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a SEH-based buffer overflow in Microsoft's 'kill.exe' utility (version 6.3.9600.17298) by sending a crafted input of 508 'A's followed by 'RRRR' to trigger the vulnerability. The PoC uses Python's subprocess to execute the vulnerable binary with the malicious input.

Description

Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash (PoC)

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · pythondoswindows

https://www.exploit-db.com/exploits/40073

View Code ZIP pw:eip

This exploit demonstrates a SEH-based buffer overflow in Microsoft's 'kill.exe' utility (version 6.3.9600.17298) by sending a crafted input of 508 'A's followed by 'RRRR' to trigger the vulnerability. The PoC uses Python's subprocess to execute the vulnerable binary with the malicious input.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Process Kill Utility (kill.exe) version 6.3.9600.17298

No auth needed

Prerequisites: Local access to the system · Presence of the vulnerable 'kill.exe' utility

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026