| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS14-003 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602) | Windows 7 | Important | 15-01-2014 |
Technical Information
Brief overview of the risk:
The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Detailed Information on the risk:
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly uses window handle thread-owned objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
Further information on this exploit is available at : MS14-003
Affected Software
Windows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1