← back
CVE-2011-1249

CVE-2011-1249

EPSS 8.5%◆ VulnCheck KEV
Vexday Risk Score
45Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Popular PoC on GitHub (1 stars) — exploitation code widely available.
CVSS EPSS 8.5%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Lifecycle
16 Jun 2011Published on NVD
19 Apr 2012Public PoC
Weaponization speed
307 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.