EIP-2026-117547

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117547. PoCs published by SandboxEscaper.

AI-analyzed exploit summary This is a technical writeup describing a race condition vulnerability in the Windows Installer (MSI) that allows capturing rollback scripts to achieve privilege escalation. The author details the timing window for exploiting the race condition and provides steps for reproduction, including the use of a custom tool (polarbear.exe) and ProcMon logs.

Description

Microsoft Windows 10 (17763.379) - Install DLL

Exploits (1)

exploitdb WRITEUP

by SandboxEscaper · textlocalwindows

https://www.exploit-db.com/exploits/46916

View Code ZIP pw:eip

This is a technical writeup describing a race condition vulnerability in the Windows Installer (MSI) that allows capturing rollback scripts to achieve privilege escalation. The author details the timing window for exploiting the race condition and provides steps for reproduction, including the use of a custom tool (polarbear.exe) and ProcMon logs.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Windows Installer (MSI)

No auth needed

Prerequisites: Access to an auto-elevating MSI installer in C:\Windows\Installer · Custom tool (polarbear.exe) and associated files (test.rbf, test.rbs) · Precise timing to win the race condition

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Microsoft Windows 10 (17763.379) - Install DLL

Exploitation Summary

Description

Exploits (1)

Details