Lucene search

[email protected]CVE-2012-0149

HistoryFeb 14, 2012 - 10:55 p.m.

CVE-2012-0149

2012-02-1422:55:01

CWE-20

[email protected]

web.nvd.nist.gov

cve-2012-0149

ancillary function driver

microsoft windows

elevation of privilege

vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka “Ancillary Function Driver Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2003sp2

CPENameOperatorVersion
microsoft:windows_server_2003microsoft windows server 2003eq*

CPE	Name	Operator	Version
microsoft:windows_server_2003	microsoft windows server 2003	eq	*

References

www.us-cert.gov/cas/techalerts/TA12-045A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-009

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14958

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2012-0149

prion1 cvelist1 symantec1 nvd1 nessus1 openvas2 securityvulns1