MS14-003  Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

2014-01-14 This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Vulnerabilities addressed in this bulletin:
Win32k Window Handle Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly uses window handle thread-owned objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
CVE-2014-0262

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2014-0262

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-01-15
Updated
2020-09-28
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close