PoC for CVE-2024-38063 (RCE in tcpip.sys)
A proof of concept (PoC) for CVE-2024-38063, a remote code execution (RCE) vulnerability in tcpip.sys, has been released. The vulnerability was patched on August 13th, 2024. The PoC is described as flaky and requires the Scapy library for Python to run.

The PoC sends malformed IPv6 packets to the target system to trigger heap corruption and raise the likelihood of successful exploitation. The exploit strategy relies on Windows coalescing multiple IP packets and processing them in batches; under certain conditions, particularly when the system's packet reassembly timeout fires after one minute of inactivity from the sender, this leads to a buffer overflow. The underlying defect is a parsing error in the handling of IPv6 extension headers, followed by an error in packet reassembly that can lead to an integer overflow and then a buffer overflow.

The PoC script lets the user specify the network interface, the target IP address, the number of tries and batches, and a MAC address if necessary. To reproduce the vulnerability, it is recommended to enable debugging on the target system and restart it. The vulnerability does not require heavy network load or specific settings on the target, other than IPv6 being enabled and the ability to receive packets pre-firewall.

Troubleshooting tips are provided for cases where the exploit does not work, such as confirming IPv6 connectivity, checking packet reception with Wireshark, and adjusting network adapter settings. The PoC is presented as part of a broader discussion of cyber threats and vulnerabilities, alongside related articles on other security issues and exploits.

CVEs: CVE-2024-38063

[View Article](https://darkwebinformer.com/poc-for-cve-2024-38063-rce-in-tcpip-sys/)