CVE Vulnerabilities

CVE-2014-4113

Published: Oct 15, 2014 | Modified: Dec 20, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka Win32k.sys Elevation of Privilege Vulnerability.

Affected Software

Name Vendor Start Version End Version
Windows_7 Microsoft –sp1 (including) –sp1 (including)
Windows_8 Microsoft - (including) - (including)
Windows_8.1 Microsoft - (including) - (including)
Windows_rt Microsoft - (including) - (including)
Windows_rt_8.1 Microsoft - (including) - (including)
Windows_server_2003 Microsoft –sp2 (including) –sp2 (including)
Windows_server_2008 Microsoft –sp2 (including) –sp2 (including)
Windows_server_2008 Microsoft r2-sp1 (including) r2-sp1 (including)
Windows_server_2012 Microsoft - (including) - (including)
Windows_server_2012 Microsoft r2 (including) r2 (including)
Windows_vista Microsoft –sp2 (including) –sp2 (including)

References