CVE-2014-4076

EXPLOITED

Microsoft Windows Server 2003 SP2 - Privilege Escalation

Title source: llm

Description

Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."

Exploits (5)

exploitdb WORKING POC

by Tomislav Paskalev · clocalwindows

https://www.exploit-db.com/exploits/37755

View Code ZIP pw:eip

exploitdb WRITEUP

by KoreLogic · pythonlocalwindows

https://www.exploit-db.com/exploits/35936

View Code ZIP pw:eip

nomisec WORKING POC

by fungoshacks · poc

https://github.com/fungoshacks/CVE-2014-4076

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms14_070_tcpip_ioctl.rb

View Code ZIP pw:eip

patchapalooza NO CODE

by Ascotbe · local

https://github.com/Ascotbe/Kernelhub

View Code ZIP pw:eip

References (5)

[Exploit] http://www.exploit-db.com/exploits/35936

[Third Party Advisory, VDB Entry] http://www.osvdb.org/114532

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-070

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/70976

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/37755/

Scores

EPSS 0.5845

EPSS Percentile 98.2%

Details

VulnCheck KEV 2016-08-04

CWE

CWE-264

Status published

Products (1)

microsoft/windows_server_2003 (3 CPE variants)

Published Nov 11, 2014

Tracked Since Feb 18, 2026