{"vulnerability": "cve-2012-0217", "sightings": [{"uuid": "c81fcfee-9830-48d7-a5e3-868e2deb09f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2012-0217", "type": "exploited", "source": "https://www.exploit-db.com/exploits/46508", "content": "", "creation_timestamp": "2019-03-07T00:00:00.000000Z"}, {"uuid": "8bb92d3d-ede2-4391-b227-33b4ae497c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2012-0217", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:40.000000Z"}, {"uuid": "6319706e-fa1e-420c-bd0f-ba9c0c651aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2012-0217", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:01.000000Z"}, {"uuid": "96b26781-6f7a-4f43-91fa-8295be6f5b99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2012-0217", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb", "content": "", "creation_timestamp": "2019-03-07T02:02:18.000000Z"}, {"uuid": "7c3fb4ce-8580-4a8c-89f3-d1de84bacf22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2012-0217", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/28718", "content": "", "creation_timestamp": "2013-10-04T00:00:00.000000Z"}, {"uuid": "c0d8bad7-e260-4d51-bd37-d26c89484663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2012-0217", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/20861", "content": "", "creation_timestamp": "2012-08-27T00:00:00.000000Z"}, {"uuid": "c8bc898a-d176-445f-b975-66b6c89ee85c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2012-0217", "type": "published-proof-of-concept", "source": "https://t.me/VulnerabilityNews/5241", "content": "#0daytoday #FreeBSD - Intel SYSRET Privilege Escalation Exploit CVE-2012-0217 [remote #exploits #0day #Exploit]\nRead More", "creation_timestamp": "2019-03-07T21:37:26.000000Z"}, {"uuid": "701851ee-0bb3-4c70-baa9-62d14daaea7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2012-0217", "type": "seen", "source": "https://infosec.exchange/users/andersonc0d3/statuses/116714668750112519", "content": "A few links about CVE-2012-0217\u2014the SYSRET vulnerability. A difference in behavior on Intel CPUs compared to other x86 CPUs that allowed Arbitrary Code Execution on kernels and hypervisors.\nThe first link below is from a presentation at Black Hat by the researcher who discovered it.\nThe second link, if I am not mistaken, is the first public exploit for that vulnerability, achieving Privilege Escalation on FreeBSD.\nThen I found two blog posts from the now-defunct company VUPEN, detailing how they exploited it on Windows and Xen.\nThe last two links are the official blog post from the Xen Project and a technical write-up from NCC Group about exploiting Xen based on the VUPEN article.\nA Stitch in Time Saves Nine: A Case of Multiple Operating System Vulnerability https://media.blackhat.com/bh-us-12/Briefings/Wojtczuk/BH_US_12_Wojtczuk_A_Stitch_In_Time_Slides.pdf\nCVE-2012-0217: Intel's sysret Kernel Privilege Escalation (on FreeBSD) https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/\nAdvanced Exploitation of Windows Kernel Intel 64-Bit Mode Sysret Vulnerability (MS12-042) https://web.archive.org/web/20120824020724/http://www.vupen.com/blog/20120806.Advanced_Exploitation_of_Windows_Kernel_x64_Sysret_EoP_MS12-042_CVE-2012-0217.php\nAdvanced Exploitation of Xen Hypervisor Sysret VM Escape Vulnerability https://web.archive.org/web/20120908033139/http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php\nThe Intel SYSRET privilege escalation https://xenproject.org/blog/the-intel-sysret-privilege-escalation/\nAdventures in Xen Exploitation https://www.nccgroup.com/research/adventures-in-xen-exploitation/\nThere's also this academic work, but I couldn't find the full-text PDF. \nIntel SYSRET Privilege Escalation Vulnerability Analysishttps://link.springer.com/chapter/10.1007/978-3-642-35211-9_5", "creation_timestamp": "2026-06-08T13:15:12.580168Z"}]}