Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1249 — Microsoft Windows Server 2008 vulnerability

CWE-2646 documents5 sources

Severity

7.2HIGHNVD

EPSS

3.3%

top 12.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Server 2008

Timeline

PublishedJun 16

Latest updateMay 13

Description

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-xh73-pg9j-32r3: The Ancillary Function Driver (AFD) in afd↗2022-05-13

▶

VulnCheck

Ancillary Function Driver Elevation of Privilege Vulnerability↗2011

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)↗2016-10-18

▶

Exploit-DB

Microsoft Windows - 'afd.sys' Local Kernel (PoC) (MS11-046)↗2012-04-19

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 06-14-2011↗

▶