PT-2012-2351 · Microsoft · Windows Server 2003 Sp2+2

Tarjei Mandt

Published

2012-02-14

Updated

2019-02-26

CVE-2012-0149

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2

Description The issue arises from improper validation of user-mode input passed to kernel mode by the Ancillary Function Driver (afd.sys) in Microsoft Windows. This could allow a local attacker to execute arbitrary code with elevated privileges, potentially leading to complete control of the affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations For Microsoft Windows Server 2003 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-0149

Affected Products

Windows Server 2003 Sp2

Windows

Afd.Sys

PT-2012-2351 · Microsoft · Windows Server 2003 Sp2+2

CVE-2012-0149

Weakness Enumeration

Related Identifiers

Affected Products

References · 6