Privilege escalation in Microsoft Windows



Published: 2011-06-14 | Updated: 2017-03-16
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2011-1249
CWE-ID: CWE-20
Exploitation vector: Local
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software
Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Privilege escalation

EUVDB-ID: #VU3038

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2011-1249

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local user to gain elevated privileges on the target system.

The vulnerability exists due to improper validation of input passed from user mode to the kernel in the Ancillary Function Driver (afd.sys). By running a malicious application, a local attacker with valid login credentials can execute arbitrary code with system privileges.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install the update from the vendor's website:

Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=A1DB7736-F3E4-45DF-AF1D-52746978A0A8
http://go.microsoft.com/fwlink/?LinkId=125709
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=71497891-41A2-476D-B524-4EB5CECB9639
http://go.microsoft.com/fwlink/?LinkId=125709
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=C614CB8B-223E-4F84-B94C-F15747760AA5
http://go.microsoft.com/fwlink/?LinkId=125709
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=9A951087-25C5-4F5C-8407-A1585491AE0B
http://go.microsoft.com/fwlink/?LinkId=125709
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=DD48B93B-24FA-45A3-91FB-9F9F9418C49F
http://go.microsoft.com/fwlink/?LinkId=125709
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=B69E3BDA-940B-4524-A724-0AF4AE0EC719
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=E3A26BC5-1757-4B38-9CAE-419C919F4877
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=E34E4CF9-CDAE-4240-8574-950C0BE00822
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=A3604F05-26B2-451B-9153-0E718158371E
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=E8A82B44-E1D8-45F8-B8B8-B1F74E1EFCE0
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=63D8B801-5178-474B-A21E-72A0CE501D3E
http://go.microsoft.com/fwlink/?LinkID=194562
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=CD7D3CB9-CB60-4B62-B0DF-A38FE21802E9
http://go.microsoft.com/fwlink/?LinkID=194562
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=E67C73CA-D0F9-40C1-8B6E-25B1B13CAA3A
http://go.microsoft.com/fwlink/?LinkID=194562
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=72D1D6B6-E8BD-492B-B65A-82060BEEF441
http://go.microsoft.com/fwlink/?LinkID=194562

Vulnerable software versions

Windows: 7 - XP

Windows Server: 2003 - 2008

External links

http://technet.microsoft.com/en-us/library/security/ms11-046.aspx


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


