Microsoft Windows TCP/IP Stack Privilege Escalation Vulnerabilities

Summary

Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka ‘TCP/IP Elevation of Privilege Vulnerability.’

Credit:

The information has been provided by Matt Bergin of KoreLogic Security .


Details

Vulnerable Systems:
 * Microsoft Windows Server 2003 SP2

Microsoft Windows TCP/IP stack (tcpip.sys and tcpip6.sys) could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of objects in memory. By running a specially crafted application, an authenticated attacker could exploit this vulnerability to run arbitrary code in the context of another process and potentially take complete control over the system.

CVE Information:
CVE-2014-4076

Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 11/12/2014

Categories: Windows