CVE-2012-0148 — Improper Input Validation in Microsoft Windows Server 2008

CWE-20 — Improper Input Validation4 documents3 sources

Severity

7.2HIGHNVD

EPSS

1.5%

top 19.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedFeb 14

Latest updateMay 4

Description

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-rxfv-8c6w-gx22: afd↗2022-05-04

▶

💬Community

Bugzilla

CVE-2012-5647 openshift-origin-node-util: restorer.php arbitrary URL redirection↗2012-12-18

▶

Bugzilla

CVE-2012-5646 openshift-origin-node-util: restorer.php preg_match shell code injection↗2012-12-18

▶