MS11-062 MS11-062 - Important : Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454) - Version: 1.0
Version2011-08-09
Severity Rating: Important
Revision Note: V1.0 (August 9, 2011): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability and take complete control over the affected system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
Max CVSS
7.2
EPSS Score
0.04%
Published
2011-08-10
Updated
2019-02-26