First published: Wed Oct 12 2011(Updated: )
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows Ancillary Function Driver for WinSock | ||
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-2005 is classified as a critical vulnerability due to its potential for privilege escalation.
To fix CVE-2011-2005, apply the Microsoft security update MS11-080 provided for affected systems.
CVE-2011-2005 affects Microsoft Windows XP SP2, SP3, and Windows Server 2003 SP2.
No, CVE-2011-2005 requires local access to exploit the vulnerability.
Exploiting CVE-2011-2005 allows local users to gain elevated privileges on the system.