CVE-2011-2005


CVSS 7.8 HIGH · EPSS 31.8% · KEV
Vexday Risk Score: 98 (Fix now)
SSVC decision (CISA): Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 31.8% · KEV: yes · Public PoC · Nuclei Metasploit: yes · Patch referenced
Lifecycle
12 Oct 2011: Published on NVD
30 Nov 2011: Metasploit module available
30 Nov 2011: Public PoC
28 Mar 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
Who exploits it (1)

Groups known to exploit this vulnerability (MITRE ATT&CK attribution).

In short

A flaw in Windows' Ancillary Function Driver allows a local user to run malicious code with system-level privileges by sending specially crafted commands. This bypasses Windows security protections.

Technical detail

The afd.sys kernel driver in Windows XP SP2/SP3 and Server 2003 SP2 fails to properly validate user-mode input before processing it in kernel mode, enabling a local attacker to escalate privileges and execute arbitrary code with kernel-level access via a crafted application.

Summary generated and translated by AI from the official description.
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
