Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Author: Shahriyar Jalayeri
type: local
platform: windows_x86-64
port: 
date_added: 2012-08-27  
date_updated: 2017-07-14  
verified: 1  
codes: CVE-2012-0217;OSVDB-82850;MS12-042  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt21000/screen-shot-2012-08-27-at-100534-am.png  
application_url:   

raw file: 20861.txt  

Source: http://packetstormsecurity.org/files/115908/sysret.rar

This is proof of concept code that demonstrates the Microsoft Windows kernel (Intel/x64) SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM privileges to a specified application or already running process.

Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20861.rar