### [CVE-2012-0217](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

### POC

#### Reference
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
- https://www.exploit-db.com/exploits/28718/
- https://www.exploit-db.com/exploits/46508/

#### Github
- https://github.com/1o24er/RedTeam
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Al1ex/APT-GUID
- https://github.com/Al1ex/Red-Team
- https://github.com/Apri1y/Red-Team-links
- https://github.com/Ascotbe/Kernelhub
- https://github.com/Cruxer8Mech/Idk
- https://github.com/Echocipher/Resource-list
- https://github.com/Flerov/WindowsExploitDev
- https://github.com/Ondrik8/RED-Team
- https://github.com/Snoopy-Sec/Localroot-ALL-CVE
- https://github.com/anoaghost/Localroot_Compile
- https://github.com/cranelab/exploit-development
- https://github.com/dabumana/Open-Security-Training-Architecture
- https://github.com/dk47os3r/hongduiziliao
- https://github.com/dyjakan/exploit-development-case-studies
- https://github.com/felixlinker/ifc-rv-thesis
- https://github.com/hasee2018/Safety-net-information
- https://github.com/hudunkey/Red-Team-links
- https://github.com/john-80/-007
- https://github.com/landscape2024/RedTeam
- https://github.com/lp008/Hack-readme
- https://github.com/lyshark/Windows-exploits
- https://github.com/nobiusmallyu/kehai
- https://github.com/paulveillard/cybersecurity-exploit-development
- https://github.com/slimdaddy/RedTeam
- https://github.com/svbjdbk123/-
- https://github.com/twensoo/PersistentThreat
- https://github.com/xiaoZ-hc/redtool
- https://github.com/ycdxsb/WindowsPrivilegeEscalation
- https://github.com/yut0u/RedTeam-BlackBox