7.2

CVE-2014-1767

Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.69% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://secunia.com/advisories/59778
http://www.securityfocus.com/bid/68394
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-14-220/
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-040
https://www.exploit-db.com/exploits/39446/
https://www.exploit-db.com/exploits/39525/