EIP-2026-117476

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117476. PoCs published by MJ0011.

AI-analyzed exploit summary This exploit targets a local privilege escalation vulnerability in Micropoint Proactive Defense's mp110013.sys driver by manipulating PspCreateProcessNotifyRoutine and PspLegoNotifyRoutine offsets via DeviceIoControl to achieve arbitrary kernel memory writes. It includes shellcode to disable write protection and modify kernel memory, specifically targeting Windows XP.

Description

Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by MJ0011 · clocalwindows

https://www.exploit-db.com/exploits/12213

View Code ZIP pw:eip

This exploit targets a local privilege escalation vulnerability in Micropoint Proactive Defense's mp110013.sys driver by manipulating PspCreateProcessNotifyRoutine and PspLegoNotifyRoutine offsets via DeviceIoControl to achieve arbitrary kernel memory writes. It includes shellcode to disable write protection and modify kernel memory, specifically targeting Windows XP.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Micropoint Proactive Defense mp110013.sys <= 1.3.10123.0

No auth needed

Prerequisites: Windows XP environment · Presence of vulnerable Micropoint Proactive Defense driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Local Privilege Escalation

Exploitation Summary

Description

Exploits (1)

Details