A vulnerability in the Windows kernel can be triggered via SMB in Microsoft Windows versions ranging from Windows 2000 through to Windows 7. This vulnerability allows an attacker to trigger a kernel pool corruption by sending a specially crafted SMB_COM_TRANSACTION2 request. Successful exploitation of this issue may result in remote code execution with kernel privileges, while failed attempts will result in a denial of service condition.
This Metasploit module exploits a buffer overflow in WM Downloader v3.1.2.2. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
Core Security Technologies Advisory - A crash due to an invalid read in the Windows kernel can be reliably leveraged into privileged code execution, resulting in a local privilege escalation vulnerability. This happens because special values of 'hParent' were not sufficiently taken into account when patching 'xxxCreateWindowsEx' on MS010-032.