CVE • Published 2024-01-08 • 1 article on news • 7 live references • NVD data
CVE-2023-52271
Vulnerability data via CVEDB (Shodan)
CVSS v3.1
6.5
MEDIUM
EPSS percentile
24
Exploit Prediction Scoring System · top 76% of all CVEs
Description
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time).
Timeline
Published 2024-01-08
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag · 0 hosts
vuln:CVE-2023-52271
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Topazevolution Antifraud"
All exposed Topazevolution Antifraud instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Antifraud"
HTTP body or banner mentions "Antifraud" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2023-52271
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2023-52271
Censys host search filtered to this CVE id.
grep.app
CVE-2023-52271
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2023-52271
GitHub code search for direct mentions.
Google dork
"CVE-2023-52271" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.
Known PoCs on GitHub (7)
CVE-2023-52271 · 7 repos
BlackSnufkin/BYOVD (Rust)
BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055, CVE-2026-3609, CVE-2026-8501).
xM0kht4r/AV-EDR-Killer (Rust)
AV/EDR processes termination by exploiting a vulnerable driver (BYOVD)
wesmar/kvcKiller (C++)
Advanced AV/EDR Killer: Specialized Antivirus & Windows Defender killer for security professionals. Utilizes kernel-level IOCTLs for process termination and IFEO registry technique…
I3r1h0n/Sigurd (Rust)
A BYOVD technique abuse tool
zulloper/cve-poc (Python)
CVE POC repo automatic collector
victoni/BYOVD-CVE-2023-52271-POC (C++)
Exploit for CVE-2023-52271 in C++. The code exploits the vulnerable driver wsftprm.sys kernel driver 2.0.0.0, which allows kernel-level access to terminate running PPL processes.
oxfemale/av-edr-kill (C++)
Antivirus and EDR system killer by BYOD WDFLDR.SYS driver