Main
Vulnerability Database
Exploits
ID:6075 - Exploit for Privilege escalation in Windows Server and Windows - CVE-2014-4113
ID:6075 - Exploit for Privilege escalation in Windows Server and Windows - CVE-2014-4113
Published: June 17, 2021
Vulnerability identifier: #VU4865
Vulnerability risk: Medium
CVE-ID: CVE-2014-4113
CWE-ID: CWE-119
Exploitation vector: Local access
Vulnerable software:
Windows Server
Windows
Windows Server
Windows
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to obtain elevated privileges on the target system.
The weakness exists due to improper handling of objects in memory by kernel-mode driver (win32k.sys). A local attacker can run a specially crafted application to gain elevated privileges and take complete control of the system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to improper handling of objects in memory by kernel-mode driver (win32k.sys). A local attacker can run a specially crafted application to gain elevated privileges and take complete control of the system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website.