module
Windows SetImeInfoEx Win32k NULL Pointer Dereference
| Disclosed |
|---|
| May 9, 2018 |
Disclosed
May 9, 2018
Description
This module exploits elevation of privilege vulnerability that exists in Windows 7 and 2008 R2
when the Win32k component fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel mode. An
attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
This module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.
when the Win32k component fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel mode. An
attacker could then install programs; view, change, or delete data; or create new
accounts with full user rights.
This module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.