CVE-2011-1974

Microsoft Windows XP/Server 2003 - Privilege Escalation

Title source: llm

Description

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

Exploits (2)

exploitdb WORKING POC

by Tomislav Paskalev · clocalwindows_x86

https://www.exploit-db.com/exploits/40627

View Code ZIP pw:eip

nomisec

by hittlle · poc

https://github.com/hittlle/CVE-2011-1974-PoC

View on nomisec

References (5)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA11-221A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12912

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/48996

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40627/

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-062

Scores

EPSS 0.0157

EPSS Percentile 81.6%

Details

CWE

CWE-264

Status published

Products (3)

microsoft/windows_2003_server

microsoft/windows_server_2003

microsoft/windows_xp (2 CPE variants)

Published Aug 10, 2011

Tracked Since Feb 18, 2026