CVE-2011-2005

HIGH
2011-10-12 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Mar 26, 2026 - 11:17 vuln.today
Added to CISA KEV
Oct 22, 2025 - 01:15 cisa
CISA KEV
PoC Detected
Oct 22, 2025 - 01:15 vuln.today
Public exploit code
Patch Released
Oct 22, 2025 - 01:15 nvd
Patch available
CVE Published
Oct 12, 2011 - 02:52 nvd
HIGH 7.8

Tags

Windows

Description

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

Analysis

Windows afd.sys (Ancillary Function Driver) in XP and Server 2003 improperly validates user-mode input passed to kernel mode, allowing local users to escalate privileges to SYSTEM via a crafted application.

Technical Context

afd.sys handles Winsock operations in kernel mode. The vulnerability occurs when the driver copies user-supplied data to kernel buffers without proper size or content validation, allowing an attacker to corrupt kernel memory and redirect execution flow.

Affected Products

['Microsoft Windows XP SP2/SP3', 'Microsoft Windows Server 2003 SP2']

Remediation

Apply Microsoft security update MS11-046. These OS versions are long past end-of-life and should be replaced with modern supported Windows versions.

Priority Score

186
Low Medium High Critical
KEV: +50
EPSS: +67.1
CVSS: +39
POC: +20

Share

CVE-2011-2005 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy