CVE-2011-2005

CVSS 7.8 HIGHEPSS 31.8%● KEV

In short

A flaw in Windows' Ancillary Function Driver allows a local user to run malicious code with system-level privileges by sending specially crafted commands. This bypasses Windows security protections.

Technical detail

The afd.sys kernel driver in Windows XP SP2/SP3 and Server 2003 SP2 fails to properly validate user-mode input before processing it in kernel mode, enabling a local attacker to escalate privileges and execute arbitrary code with kernel-level access via a crafted application.

Summary generated and translated by AI from the official description.

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 2

exploitdbwww.exploit-db.com/exploits/21844unverified exploitdbwww.exploit-db.com/exploits/18176unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13114 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2005