CVE-2011-1974

CVE Database · CVE-2011-1974

CVE-2011-1974

· N/AModified

CVSS v3.1

N/A

EPSS

6.98%

Published

Aug 10, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

Weaknesses (CWE)

CWE-264

Affected Products (4)

microsoft · windows_2003_servervulnerable

microsoft · windows_server_2003vulnerable

microsoft · windows_xpvulnerable

References (10)

http://www.securityfocus.com/bid/48996

http://www.us-cert.gov/cas/techalerts/TA11-221A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-062

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12912