afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
Published 2011-10-12 02:52:44
Updated 2019-02-26 14:04:01
Vulnerability category: Gain privilege

CVE-2011-2005 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.
Added on: 2022-03-28
Action due date: 2022-04-18

Exploit prediction scoring system (EPSS) score for CVE-2011-2005

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~33%

Metasploit modules for CVE-2011-2005

  • MS11-080 AfdJoinLeaf Privilege Escalation
    Disclosure Date: 2011-11-30
    First seen: 2020-04-26
    exploit/windows/local/ms11_080_afdjoinleaf
    This module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and when triggered with a call to NtQueryIntervalProfile will execute shellcode.

CVSS scores for CVE-2011-2005

Base Score: 7.2
Base Severity: HIGH
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitability Score: 3.9
Impact Score: 10.0
Score Source: NIST

CWE ids for CVE-2011-2005

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-2005

Products affected by CVE-2011-2005
