MS12-009: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)

Issued: 14 FEB 2012

Internet Security Systems Guidance

Two privately reported vulnerabilities in afd.sys were addressed in this update. Both of these could be leveraged to gain an escalation of privilege if a local authenticated attacker ran a specially crafted program. Exploitation would allow the attacker to run code in the context of the kernel.

Coverage Related CVEs Coverage Date Exploit Dates Content Update Versions
win-ms12kb2645640-update CVE-2012-0149
14 FEB 2012 N/A Enterprise Scanner 1.90
Internet Scanner software 7.2 XPU 7.2.104


X-Force Database: