CVE-2011-1984

Microsoft WINS - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1984. PoCs published by Core Security.

AI-analyzed exploit summary This PoC exploits an input validation error in the Windows Internet Name Service (WINS) by sending a specially crafted UDP packet to the dynamic port of the WINS service, leading to elevation of privilege or remote code execution on unpatched systems.

Description

WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/17831

View Code ZIP pw:eip

This PoC exploits an input validation error in the Windows Internet Name Service (WINS) by sending a specially crafted UDP packet to the dynamic port of the WINS service, leading to elevation of privilege or remote code execution on unpatched systems.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows Server 2003 SP0, SP1, SP2, Windows Server 2008 SP2, Windows Server 2008 R2

Auth required

Prerequisites: Valid logon credentials · Local access to the system · WINS service running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8378

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12634

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-070

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA11-256A.html

Scores

EPSS 0.0784

EPSS Percentile 93.9%

Details

CWE

CWE-264

Status published

Products (4)

microsoft/windows_2003_server

microsoft/windows_server_2003

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2

Published Sep 15, 2011

Tracked Since Feb 18, 2026