Privilege Escalation Vulnerability in Microsoft Windows Products
CVE-2011-1249

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Server 2008; Windows Xp; Windows 7; Windows Vista
Vendor: CVE Published:; 16 June 2011

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2011-1249?

The Ancillary Function Driver (AFD) in various versions of Microsoft Windows does not execute proper validation of user-mode input. This flaw enables local users to escalate their privileges via specially crafted applications, potentially leading to unauthorized access to system resources. Affected versions include Windows XP, Windows Vista, and various iterations of Windows Server, marking a significant risk for systems still operating on these outdated platforms.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2011-1249 - Proof of Concept

OHTS
Created by Madusanka99

edb-40564-mingw-fix
Created by appl3b0y

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://www.exploit-db.com/exploits/40564/

exploitx_refsource_EXPLOIT-DB

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 10, 2021
👾
Exploit known to exist
May 13, 2020
Vulnerability published
Jun 16, 2011
Vulnerability Reserved
Mar 4, 2011

CVE-2011-1249 Data

JSON