CVE-2014-4113 : win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Wind

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

Published 2014-10-15 10:55:07

Updated 2025-02-10 19:15:33

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2014-4113

Microsoft » Windows Server 2003 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt » Version: N/A
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions

CVE-2014-4113 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft Win32k Privilege Escalation Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2014-4113

Added on 2022-05-04 Action due date 2022-05-25

Exploit prediction scoring system (EPSS) score for CVE-2014-4113

EPSS FAQ

78.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2014-4113

Windows TrackPopupMenu Win32k NULL Pointer Dereference

Disclosure Date: 2014-10-14

First seen: 2020-04-26

exploit/windows/local/ms14_058_track_popup_menu

This module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary cod

More information

CVSS scores for CVE-2014-4113

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-10
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-07-02
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2014-4113

http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vulnerability-cve-2014-4113/

An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) - TrendLabs Security Intelligence Blog
Exploit;Not Applicable
http://packetstormsecurity.com/files/131964/Windows-8.0-8.1-x64-TrackPopupMenu-Privilege-Escalation.html

Windows 8.0 / 8.1 x64 TrackPopupMenu Privilege Escalation ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/39666/

Microsoft Windows Kernel - 'win32k.sys' Local Privilege Escalation (MS14-058) - Windows local Exploit
Third Party Advisory;VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058

Microsoft Security Bulletin MS14-058 - Critical | Microsoft Docs
Patch;Vendor Advisory

CVEs referencing this url
https://github.com/sam-b/CVE-2014-4113

GitHub - sam-b/CVE-2014-4113: Trigger and exploit code for CVE-2014-4113
Third Party Advisory
http://www.securityfocus.com/bid/70364

Microsoft Windows Kernel 'Win32k.sys' CVE-2014-4113 Local Privilege Escalation Vulnerability
Broken Link;Third Party Advisory;VDB Entry
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx

Assessing Risk for the October 2014 Security Updates – Microsoft Security Response Center
Not Applicable;Vendor Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/37064/

Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058) - Windows_x86-64 local Exploit
Exploit;Third Party Advisory;VDB Entry
http://osvdb.org/show/osvdb/113167

Broken Link
http://secunia.com/advisories/60970

Sign in
Broken Link

CVEs referencing this url
http://www.exploit-db.com/exploits/35101

Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit) - Windows local Exploit
Exploit;Third Party Advisory;VDB Entry

Jump to