CVE-2014-4076

Published: 11/11/2014 Updated: 12/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 731
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."

Vulnerable Product

microsoft windows server 2003

Exploits

The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. By crafting an input buffer that will be passed to the Tcp device through the NtDeviceIoControlFile() function, it is possible to trigger a vulnerability that would allow an attacker to elevate privileges. Proof of concept exploit ...
/* ################################################################ # Exploit Title: Windows 2k3 SP2 TCP/IP IOCTL Privilege Escalation (MS14-070) # Date: 2015-08-10 # Exploit Author: Tomislav Paskalev # Vulnerable Software: # Windows 2003 SP2 x86 # Windows 2003 SP2 x86-64 # Windows 2003 SP2 IA-64 # Supported vulnerable software: # Windows 2 ...
""" KL-001-2015-001 : Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-001 Publication Date: 2015.01.28 Publication URL: www.korelogic.com/Resources/Advisories/KL-001-2015-001.txt 1. Vulnerability Details Affe ...

Github Repositories

Windows 2k3 tcpip.sys Privilege Escalation

CVE-2014-4076 PoC. This proof of concept is directly copied from its original Python version and rewritten in C++. Build: This project is built with Visual Studio 2013 Update 4. Notice: Only users that are in the Administrators group can open the device and perform IO controls, which means the exploit only escalates Administrators to SYSTEM, and does not help in a webshell environment at all.

idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro