EIP-2026-118116

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118116. PoCs published by Marcio Mendes.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in Windows MultiPoint Server 2011 SP1 by manipulating registry keys (Dnscache and RpcEptMapper) to load a malicious DLL via the Windows Performance Monitoring mechanism, resulting in code execution as Local System.

Description

Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by Marcio Mendes · textlocalwindows

https://www.exploit-db.com/exploits/50517

View Code ZIP pw:eip

This exploit leverages a local privilege escalation vulnerability in Windows MultiPoint Server 2011 SP1 by manipulating registry keys (Dnscache and RpcEptMapper) to load a malicious DLL via the Windows Performance Monitoring mechanism, resulting in code execution as Local System.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows MultiPoint Server 2011 SP1 (Version 6.1 Compilation 7601 Service Pack 1)

Auth required

Prerequisites: Local user access · Write permissions to specific registry keys · Visual Studio 2019 for compilation · Microsoft Visual C++ Redistributable installed on target

MITRE ATT&CK

T1546.015 - Component Object Model Hijacking T1112 - Modify Registry

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation

Exploitation Summary

Description

Exploits (1)

Details