Executive Summary

Summary
Title Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Informations
Name MS11-080 First vendor Publication 2011-10-11
Vendor Microsoft Last vendor Modification 2011-10-11
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important

Revision Note: V1.0 (October 11, 2011): Bulletin published.

Summary: This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-080

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13114
 
Oval ID: oval:org.mitre.oval:def:13114
Title: Ancillary Function Driver Elevation of Privilege Vulnerability
Description: afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2005
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1
Os 2

ExploitDB Exploits

id Description
2012-10-10 MS11-080 AfdJoinLeaf Privilege Escalation
2011-11-30 MS11-080 Afd.sys Privilege Escalation Exploit

OpenVAS Exploits

Date Description
2011-10-12 Name : MS Windows Ancillary Function Driver Privilege Elevation Vulnerability (2592799)
File : nvt/secpod_ms11-080.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
76232 Microsoft Windows Ancillary Function Driver afd.sys Local Privilege Escalation

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows afd.sys kernel-mode memory corruption attempt
RuleID : 20270 - Revision : 10 - Type : FILE-EXECUTABLE

Metasploit Database

id Description
2020-02-08 Windows Gather Applied Patches
2011-11-30 MS11-080 AfdJoinLeaf Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2011-10-11 Name : The remote Windows host contains a driver that allows privilege escalation.
File : smb_nt_ms11-080.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2020-05-23 13:17:13
  • Multiple Updates
2016-03-13 21:24:03
  • Multiple Updates
2016-03-09 21:24:45
  • Multiple Updates
2016-03-09 17:23:36
  • Multiple Updates
2014-11-14 13:24:29
  • Multiple Updates
2014-02-17 11:47:08
  • Multiple Updates
2014-01-19 21:30:44
  • Multiple Updates
2013-05-11 00:49:53
  • Multiple Updates