CVE-2011-1249
Title: Microsoft Windows 2003 Server Auth Bypass
Auth Bypass
Proof Of Concept
PoC Available for CVE-2011-1249
CWE Category
CWE-264
Published Date
Jun 16, 2011
Modified Date
Jun 16, 2026
Exploit Status
Available
Score
7.2
CVSS v2.0
Exploit Probability (EPSS)
8.49%
Vulnerability Summary
CVE-2011-1249: The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
Impacted Vendors
Reference Links
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12731
https://www.exploit-db.com/exploits/40564/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12731
https://www.exploit-db.com/exploits/40564/
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
7.2
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:L/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2011-1249 Exploits & PoCs (Proof Of Concept)
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.