Exploitation Summary
EIP tracks 4 public exploits for CVE-2014-1767. PoCs published by Rick Larabee, ExploitCN, AmazingOut.
AI-analyzed exploit summary This exploit targets CVE-2014-1767, a local privilege escalation vulnerability in AFD.SYS on Windows 7 x64. It leverages a dangling pointer to overwrite kernel memory and escalate privileges by manipulating the HalDispatchTable.
Description
Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
Exploits (4)
This exploit targets CVE-2014-1767, a local privilege escalation vulnerability in AFD.SYS on Windows 7 x64. It leverages a dangling pointer to overwrite kernel memory and escalate privileges by manipulating the HalDispatchTable.
This exploit leverages a dangling pointer vulnerability in AFD.SYS (CVE-2014-1767) to achieve local privilege escalation on Windows 7 32-bit systems. It manipulates kernel memory structures to overwrite the HalDispatchTable and execute a token-stealing payload.
This is a proof-of-concept exploit for CVE-2014-1767, targeting a Windows kernel vulnerability in the AFD driver. It leverages heap manipulation and memory corruption to achieve local privilege escalation by overwriting the HalDispatchTable.
This repository contains a functional exploit for CVE-2014-1767, a Windows kernel vulnerability (Double Free) affecting Windows 7 x86 SP1. The exploit leverages the NtCreateWorkerFactory and NtSetInformationWorkerFactory APIs to achieve local privilege escalation (LPE) by manipulating kernel structures and replacing the current process token with the SYSTEM token.