VDB
CNVD-2021-10529
CNVD-2021-10529
PUBLISHED
Microsoft Windows操作系统是美国微软公司研发的一套操作系统。 Microsoft Windows TCP/IP存在拒绝服务漏洞,攻击者可以通过发送多个精心制作的IPv6数据包(多个IP包头、无效包头、多个分片头等)触发漏洞,该漏洞利用成功可能导致目标主机发生蓝屏。
Exploit Intelligence
- This is my attempt at fuzzing the tcpip.sys driver in windows via using scapy. This is inspired by this vulnerability here: https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/ (github-poc-repo)
- This is my attempt at fuzzing the tcpip.sys driver in windows via using scapy. This is inspired by this vulnerability here: https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/ (github-poc-repo)
- This is my attempt at fuzzing the tcpip.sys driver in windows via using scapy. This is inspired by this vulnerability here: https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/ (github-poc)
- This is my attempt at fuzzing the tcpip.sys driver in windows via using scapy. This is inspired by this vulnerability here: https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/ (github-poc)
- lisinan988/CVE-2021-24086-exp (github-poc)
- lisinan988/CVE-2021-24086-exp (github-poc)
- Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely. (github-poc)
- Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely. (github-poc)
Timeline
- Feb 10, 2021 CVE Published