CVE-2012-0148

Loading...

General

Score:7.2/10.0
Severity:Medium
Category:Input Validation Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2012-0149

Published on 14/02/12 - Updated on 13/10/18

Description

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2012-0148
Microsoft MS12-009
Renater 2012/VULN071

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
microsoftwindows_7
microsoftwindows_server_2003
microsoftwindows_server_2008
microsoftwindows_vista
microsoftwindows_xp

Share this vulnerability with:

Twitter Facebook LinkedIn Mail