KEVIntel
Back to KEVs
7.8
CVSS
High

CVE-2014-4113

PUBLISHED

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...

Exploited in the wild Low complexity
Vendor
Microsoft
Product
Windows
Published
Oct 15, 2014
EPSS

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

windows cisa metasploit

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0 7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2022-05-04 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA May 04, 2022

Scanner integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms14_058_track_popup_menu.rb Apr 28, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

ms14_058_track_popup_menu

metasploit · Created Unknown

Metasploit module for CVE-2014-4113

sam-b/CVE-2014-4113

github · Created 2016-02-07 14:18:45 UTC · 42 stars

Trigger and exploit code for CVE-2014-4113

nsxz/Exploit-CVE-2014-4113

github · Created 2016-01-22 07:05:52 UTC · 5 stars

Exploit CVE-2014-4113

johnjohnsp1/CVE-2014-4113

github · Created 2014-11-19 04:26:33 UTC · 3 stars

PowerShell CVE-2014-4113

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit