CVE 2024 26230 Windows Telephony Service It’s Got Some Call ing Issues (Elevation of Privilege)

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/windows-exploit-research/CVE-2024-26230_ Windows Telephony Service - It's Got Some Call-ing Issues (Elevation of Privilege).md.

Status: integrated Integrated into: CVE-2024-26230

Excerpt

CVE-2024-26230 is a critical vulnerability found in the Windows Telephony Service (TapiSrv), which can lead to an elevation of privilege on affected systems. The exploit leverages a use-after-free in FreeDialogInstance. By manipulating the registry, an attacker controls memory allocation to create a fake object, triggering the UAF in TUISPIDLLCallback to gain code execution. This is further…