CVE-2011-1874
Description
A use-after-free vulnerability in win32k.sys allows local users to gain elevated privileges via a crafted application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free vulnerability in win32k.sys allows local users to gain elevated privileges via a crafted application.
Vulnerability
A use-after-free vulnerability exists in the win32k.sys kernel-mode driver in Microsoft Windows. The flaw is caused by incorrect management of kernel-mode driver objects, leading to a use-after-free condition. Affected systems include Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 [1].
Exploitation
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The attacker then runs a specially crafted application that triggers the use-after-free condition by leveraging the flawed driver object management [1][2].
Impact
Successful exploitation allows the attacker to gain elevated privileges on the target system, potentially leading to complete control of the affected machine [1][3]. The attack is limited to local execution, requiring prior access to a valid user account.
Mitigation
Microsoft released security update MS11-054 (KB2555917) on July 12, 2011, which addresses this vulnerability. Customers with automatic updating enabled will receive the update automatically. Others should apply the update at the earliest opportunity. Avaya has also recommended that customers install the update on affected products [1][2][3].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
18cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 7 more
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.us-cert.gov/cas/techalerts/TA11-193A.htmlnvdUS Government Resource
- osvdb.org/73777nvd
- secunia.com/advisories/45186nvd
- support.avaya.com/css/P8/documents/100144947nvd
- www.securityfocus.com/bid/48587nvd
- www.securitytracker.com/idnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12585nvd
News mentions
0No linked articles in our index yet.