7.8

CVE-2014-4113

Warning
Exploit

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8 Version-
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftWindows Vista Version- Updatesp2

04.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Win32k Privilege Escalation Vulnerability

Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 82.79% 0.992
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
http://www.exploit-db.com/exploits/35101
Third Party Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/70364
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/37064/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/39666/
Third Party Advisory
VDB Entry