EIP-2026-115784

PRE-CVE

Microsoft Windows - Win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115784. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary This is a detailed technical analysis of a vulnerability in Microsoft Windows win32k.sys, specifically in the xxxRealDrawMenuItem function, where missing HBITMAP bounds checks in the free build can lead to arbitrary kernel code execution. The writeup includes disassembly analysis, crash logs, and a description of the exploit mechanism.

Description

Microsoft Windows - Win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tavis Ormandy · textdoswindows

https://www.exploit-db.com/exploits/14668

View Code ZIP pw:eip

This is a detailed technical analysis of a vulnerability in Microsoft Windows win32k.sys, specifically in the xxxRealDrawMenuItem function, where missing HBITMAP bounds checks in the free build can lead to arbitrary kernel code execution. The writeup includes disassembly analysis, crash logs, and a description of the exploit mechanism.

Classification

Writeup 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Theoretical

Target: Microsoft Windows 7

No auth needed

Prerequisites: Access to a vulnerable Windows 7 system · Ability to make direct system calls

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026