CVE-2011-1974

Microsoft Windows XP/Server 2003 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1974. PoCs published by Tomislav Paskalev.

AI-analyzed exploit summary: This exploit targets CVE-2011-1974, a privilege escalation vulnerability in the NDISTAPI.sys driver on Windows XP and Server 2003. It leverages improper input validation to execute arbitrary code in kernel mode, granting SYSTEM privileges.

Description

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WORKING POC
by Tomislav Paskalev · c · local · windows_x86
https://www.exploit-db.com/exploits/40627

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows XP SP3 x86, Windows Server 2003 SP2 x86
Auth required
Prerequisites: Low privilege access · Unpatched system (KB2566454 not installed) · Remote Access Service (RAS) running
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12912
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40627/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48996
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-221A.html

Scores

EPSS: 0.0157
EPSS Percentile: 82.0%

Details

CWE: CWE-264
Status: published
Products (3)
microsoft/windows_2003_server
microsoft/windows_server_2003
microsoft/windows_xp (2 CPE variants)
Published: Aug 10, 2011
Tracked Since: Feb 18, 2026