satchfunky/CVE-2026-41096-POC
GitHub: satchfunky/CVE-2026-41096-POC
The bug is in the DnsQueryRaw function (to be specific, inside DnsRawTruncateMessageForUdp), so you need a program that calls it.
I could be wrong, but currently there isn't a service or default program in Windows 11 that uses this function; that's why I needed client.c.
This repo has 2 files, client.c and poc.py:
client.c: implements the DnsQueryRaw call (you need to replace the interface index according to your setup)
poc.py: the trigger; it uses scapy, and you have to replace the variable _iface with the interface of your attacker machine
I leave the exploit of this as an exercise, cheers.
PS: Windows 10 is safe; that function is specific to Windows 11 (and a specific Windows Server version).