BuggiCorp says he'll sell the exploit to only one person, and that the buyer will get the exploit's source code, a fully functional demo, the Microsoft Visual Studi0 2005 project file, and free future updates for any Windows version the exploit may fail to run on.The seller wanted to be very clear that his exploit works on all Windows versions, which, according to Microsoft's statistics, may affect over 1.5 billion users.Zero-day technical details are availableBuggiCorp also provided a few technical details in his forum post. Here are a few selections, translation courtesy of Trustwave The vulnerability exists in the incorrect handling of window objects, which have certain properties, and [the vulnerability] exists in all OS [versions], starting from Windows 2000.[The] exploit is implemented for all OS architectures (x86 and x64), starting from Windows XP, including Windows Server versions, and up to current variants of Windows 10.The vulnerability is of "write-what-where" type, and as such allows one to write a certain value to any address [in memory], which is sufficient for a full exploit. The exploit successfully escapes from ILL/appcontainer (LOW), bypassing (more precisely: doesn't get affected at all [by]) all existing protection mechanisms such as ASLR, DEP, SMEP, etc. [The exploit] relies solely on the KERNEL32 and USER32 libraries [DLLs].[The] exploit is implemented for all OS architectures (x86 and x64), starting from Windows XP, including Windows Server versions, and up to current variants of Windows 10.The [source code] project of the exploit and a demo example are written in C and assembly with MSVC 2005. The output is a "lib"-file which can later be linked to any other code, and [additional output from the source code project] is a demo EXE file which launches CMD EXE and escalates the privileges to SYSTEM account.