Skip to content

Latest commit

 

History

History
 
 

MS11-046

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

MS11-046

The Ancillary Function Driver (AFD) supports Windows sockets applications and is contained in the afd.sys file. 
The afd.sys driver runs in kernel mode and manages the Winsock TCP/IP communications protocol. An elevation of 
privilege vulnerability exists where the AFD improperly validates input passed from user mode to the kernel. 
An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode 
(i.e. with NT AUTHORITY\SYSTEM privileges).

Vulnerability reference:

Usage

c:\> MS11-046.exe

win7