CVE-2012-0148

Windows 7 and Windows Server 2008 - Privilege Escalation via AfdPoll Input Validation

Title source: llm
STIX 2.1

Description

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-045A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14852

Scores

EPSS 0.0166
EPSS Percentile 73.9%

Details

CWE
CWE-20
Status published
Products (6)
microsoft/windows_7 (2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2 (2 CPE variants)
microsoft/windows_vista
microsoft/windows_xp
Published Feb 14, 2012
Tracked Since Feb 18, 2026