Windows TCP/IP Remote Code Execution Vulnerability

Repository is very small and consists of a long README plus a single Python PoC script. The README describes an alleged Windows TCP/IP IPv6/IPSec race-condition RCE, CVE-2026-33827, affecting Windows 10/11/Server and requiring network reachability plus IPSec. It includes defensive guidance, references, and high-level exploitation theory, but no concrete exploit internals beyond pseudocode. The actual code in exploit.py is a Scapy-based packet generator. It defines a placeholder target IPv6 address (fe80::...) and interface (eth0), builds an Ethernet frame carrying an IPv6 packet with a Destination Options header, an IPv6 Fragment header with randomized fragment ID, and a 1200-byte raw payload of repeated 'X' characters. The flood() function then repeatedly transmits this packet at Layer 2 using sendp(..., loop=1, inter=0), effectively creating a continuous malformed/fragmented IPv6 packet flood. Main exploit capability: network-based packet crafting and flooding intended to stress or trigger the claimed vulnerable Windows IPv6/IPSec processing path. The script does not implement IPSec negotiation, race orchestration across threads/processes, memory corruption primitives, shellcode delivery, callback infrastructure, or any reliable RCE chain. As such, this is best characterized as a proof-of-concept traffic generator rather than a complete weaponized exploit. Repository structure and purpose: README serves as vulnerability overview and remediation guidance; exploit.py is the only executable component and the likely entry point. Overall purpose appears to be demonstrating how to generate suspicious IPv6 fragmented traffic against a Windows target, not delivering a full end-to-end compromise.