← back
CVE-2014-4113

CVE-2014-4113

CVSS 7.8 HIGHEPSS 87.0%● KEV
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (41 stars) — exploitation code widely available.
CVSS 7.8EPSS 87.0%KEV simPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
14 Oct 2014Metasploit module available
15 Oct 2014Published on NVD
28 Oct 2014Public PoC
04 May 2022Active exploitation (CISA KEV)
Weaponization speed
13 daysto first PoC
2758 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Windows kernel driver (win32k.sys) allows someone with local access to run a specially crafted program that gives them admin-level control over the system. This was actively exploited by attackers in October 2014.

Technical detail

win32k.sys contains a privilege escalation vulnerability exploitable by local attackers through a malicious application. The vulnerability allows unprivileged users to execute code with kernel privileges, affecting multiple Windows versions from Server 2003 through Server 2012 R2 and Windows 8.1. Exploitation requires local code execution capability.

Summary generated and translated by AI from the official description.
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.