This is a proof-of-concept for CVE-2025-21298 - Windows OLE Remote Code Execution Vulnerability (CVSS 9.8). This is a memory corruption PoC, not an exploit. Full patch diff via ghidriff: LINK. The vulnerability is located in ole32.dll!UtOlePresStmToContentsStm.

LatestPoCs is a repository dedicated to providing Proofs of Concept (PoCs) for recently disclosed Common Vulnerabilities and Exposures (CVEs). This repository is meant for educational and research purposes, allowing cybersecurity professionals and enthusiasts to understand the impact of new vulnerabilities and how they may be exploited.

Follow the process described in this topic to patch your containers with respect to the POC content supplied to you. This topic contains the following information: Overview of Applying a POC. Details of Applying a POC. Discover Which POCs Are Applied. Details of POC Log Files

A POC is a patch supplied to you by Oracle Support in order to fix an issue specific to your use of a specific Siebel application version. Over the course of your use of a specific version of Siebel, you may be supplied with one or more POC patches. One or …

2023年9月15日 · 这篇漏洞公告一石激起千层浪：‒ 有人声称以5000美元出售漏洞的PoC；‒ 国内技术论坛上对漏洞的讨论和猜测，如12；‒ 以及github上流传的各种假PoC。首推，被国内营销号各种转发。

LPC55S69 ROM Patch Privilege Escalation and Arbitrary Code Execution PoC This repository contains a TrustedFirmware-M non-secure app demonstrating that non-secure code can utilize the LPC55 ROM patch hardware to gain arbitrary code execution at secure, privileged mode.

2025年1月24日 · A new proof-of-concept (PoC) has been released for Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298. The PoC demonstrates memory corruption, shedding light on the flaw’s potential for exploitation stemming from a double-free condition in the ...

2021年5月13日 · 1. Inspect the binary security patch. Identify the affected subsystem and the insecurity pattern in the low-level code. Input from step (0) is critical here. 2. Reverse-engineering (partial) of the target software/subsystem. Goal is to understand the abstract model, input flows, and potential attack vectors. 3. Analyze the binary patch again.

2025年1月2日 · Researchers unveiled a proof-of-concept (PoC) exploit for a critical vulnerability in Windows Lightweight Directory Access Protocol (LDAP), tracked as CVE-2024-49112. The flaw, disclosed by Microsoft on December 10, 2024, during its Patch Tuesday update, carries a CVSS severity score of 9.8 and poses a significant risk to enterprise networks.

2025年1月24日 · Microsoft issued a critical patch to address CVE-2025-21298, a zero-click Remote Code Execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE). This flaw exploits a double-free bug in the ole32.dll library, putting millions of systems at risk with minimal user interaction.