Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1984 — Microsoft Windows Server 2008 vulnerability

CWE-2643 documents3 sources

Severity

7.2HIGHNVD

EPSS

21.9%

top 4.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows Server 2008

Timeline

PublishedSep 15

Latest updateMay 13

Description

WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-m8jc-fcjj-qr32: WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over th↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035/MS11-070)↗2011-09-13

▶