CVE-2014-4113

CVSS 7.8 HIGHEPSS 87.0%● KEV

In short

A flaw in Windows kernel driver (win32k.sys) allows someone with local access to run a specially crafted program that gives them admin-level control over the system. This was actively exploited by attackers in October 2014.

Technical detail

win32k.sys contains a privilege escalation vulnerability exploitable by local attackers through a malicious application. The vulnerability allows unprivileged users to execute code with kernel privileges, affecting multiple Windows versions from Server 2003 through Server 2012 R2 and Windows 8.1. Exploitation requires local code execution capability.

Summary generated and translated by AI from the official description.

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 12

githubgithub.com/sam-b/CVE-2014-4113★ 41 githubgithub.com/nsxz/Exploit-CVE-2014-4113★ 5 githubgithub.com/johnjohnsp1/CVE-2014-4113★ 3 githubgithub.com/wikiZ/cve-2014-4113★ 1 exploitdbwww.exploit-db.com/exploits/46945unverified exploitdbwww.exploit-db.com/exploits/39666unverified exploitdbwww.exploit-db.com/exploits/37064unverified cve_referencepacketstormsecurity.com/files/131964/Windows-8.0-8.1-x64-TrackPopupMenu-Privilege-Escalation.htmlunverified exploitdbwww.exploit-db.com/exploits/35101unverified cve_referencewww.exploit-db.com/exploits/37064/unverified cve_referencewww.exploit-db.com/exploits/39666/unverified cve_referencewww.exploit-db.com/exploits/35101unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vulnerability-cve-2014-4113/http://osvdb.org/show/osvdb/113167 http://packetstormsecurity.com/files/131964/Windows-8.0-8.1-x64-TrackPopupMenu-Privilege-Escalation.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058 http://secunia.com/advisories/60970 https://github.com/sam-b/CVE-2014-4113 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4113 https://www.exploit-db.com/exploits/37064/https://www.exploit-db.com/exploits/39666/http://www.exploit-db.com/exploits/35101 http://www.securityfocus.com/bid/70364