CVE-2011-1249 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2011-1249

Deferred

More Info Official Page

Source-secure@microsoft.com

Published At-16 Jun, 2011 | 20:55

Updated At-11 Apr, 2025 | 00:51

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>windows_2003_server>>*

cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*

Microsoft Corporation

>>windows_server_2003>>*

cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>*

cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>*

cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_xp>>*

cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Microsoft Corporation

>>windows_xp>>-

cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-046	secure@microsoft.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12731	secure@microsoft.com	N/A
https://www.exploit-db.com/exploits/40564/	secure@microsoft.com	N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-046	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12731	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/40564/	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-046

Source: secure@microsoft.com

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12731

Source: secure@microsoft.com

Resource: N/A

Hyperlink: https://www.exploit-db.com/exploits/40564/

Source: secure@microsoft.com

Resource: N/A

Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-046

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12731

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://www.exploit-db.com/exploits/40564/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A