7.8

CVE-2014-4113

Warnung
Exploit

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8 Version-
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftWindows Vista Version- Updatesp2

04.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Win32k Privilege Escalation Vulnerability

Schwachstelle

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 82.79% 0.992
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
http://www.exploit-db.com/exploits/35101
Third Party Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/70364
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/37064/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/39666/
Third Party Advisory
VDB Entry