VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 13, 2011· Updated Apr 29, 2026

CVE-2011-1225

CVE-2011-1225

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in win32k.sys allows local users to gain privileges via a crafted application, affecting multiple Windows versions.

Vulnerability

CVE-2011-1225 is a NULL pointer de-reference vulnerability in the win32k.sys kernel-mode driver in Microsoft Windows. It affects Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 [1][2]. The vulnerability occurs when the kernel-mode driver improperly handles a pointer to a kernel-mode driver object, leading to a NULL pointer dereference when processing a specially crafted application [1]. This is distinct from other "Vulnerability Type 2" CVEs addressed in MS11-034 [1][2].

Exploitation

An attacker must have valid logon credentials and be able to log on locally to the target system [1][3]. The attacker then runs a specially crafted application that triggers the NULL pointer dereference in win32k.sys [1]. No remote exploitation or anonymous user access is possible [1]. The exploitation requires no user interaction beyond the attacker locally executing the malicious application.

Impact

Successful exploitation allows the attacker to gain elevated privileges on the affected system [1][3]. This can lead to complete compromise of the system, including the ability to execute arbitrary code in kernel mode, install programs, and view, change, or delete data [1]. The attacker achieves the same privilege level as the kernel, effectively gaining full control over the operating system.

Mitigation

Microsoft addressed this vulnerability in Security Bulletin MS11-034, released on April 12, 2011 [1]. The security update is rated Important for all supported releases of Microsoft Windows and corrects the way the kernel-mode drivers manage pointers to kernel-mode driver objects [1]. Customers with automatic updating enabled will receive the update automatically [1]. Avaya also recommends customers install the security update via Microsoft Windows Update [2]. No workarounds are documented, and manual installation via Microsoft Update or Windows Server Update Services (WSUS) is recommended for enterprise environments [1][3].

References
  1. Microsoft Security Bulletin MS11-034 - Important
  2. ASA-2011-110 MS11-034 (2506223)
  3. Microsoft Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

19
  • Microsoft/Windows Server 20032 versions
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows 73 versions
    cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
  • Microsoft/Windows Server 20088 versions
    cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 7 more
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • Microsoft/Windows Vista2 versions
    cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows Xp3 versions
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    • (no CPE)range: SP2, SP3
  • Microsoft/win32k.sysllm-fuzzy

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.