EIP-2026-115779

This exploit triggers a denial-of-service (BSOD) in Microsoft Windows by exploiting a vulnerability in win32k.sys where the function xxxMenuWindowProc fails to validate the return value of xxxMNOpenHierarchy, leading to a read from address -1. The PoC uses a sequence of menu operations and hooks to trigger the vulnerable code path.