CVE-2011-0087
Description
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local elevation-of-privilege vulnerability exists in win32k.sys on multiple Windows versions due to improper validation of user-mode input.
Vulnerability
An elevation of privilege vulnerability (CVE-2011-0087) exists in the kernel-mode driver win32k.sys on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2. The flaw is due to insufficient validation of user-mode input passed to the Windows kernel-mode drivers, allowing a crafted application to trigger the vulnerable code path. This vulnerability is one of five addressed in Microsoft Security Bulletin MS11-012 [1].
Exploitation
An attacker must have valid logon credentials and be able to log on locally to the target system. The attacker then runs a specially crafted application that exploits the improper input validation in win32k.sys. No user interaction is required beyond the attacker's own login and execution of the malicious application [1].
Impact
Successful exploitation allows an attacker to gain elevated privileges on the system, potentially achieving complete control over the affected machine. The impact is local privilege escalation, enabling the attacker to execute arbitrary code in kernel mode, which can lead to full compromise of confidentiality, integrity, and availability [1].
Mitigation
Microsoft released security update MS11-012 in February 2011, which corrects the way the Windows kernel-mode drivers validate input passed from user mode. The update is rated Important and is available for all affected Windows versions. Customers with automatic updating enabled are protected automatically; others should apply the update manually. No workaround is documented beyond applying the patch [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
16cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 5 more
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- secunia.com/advisories/43255nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0325nvdVendor Advisory
- osvdb.org/70819nvd
- www.securityfocus.com/bid/46148nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12312nvd
News mentions
0No linked articles in our index yet.