Back to KEVs

CVE-2014-4113

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 12, 2014
Published Date
October 15, 2014
Last Updated
February 10, 2025
Vendor
Microsoft
Product
Windows
Description
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
Tags
windows cisa metasploit_scanner

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-05-04 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2016-01-22 07:05:52 UTC) Source

References

http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://packetstormsecurity.com/files/131964/Windows-8.0-8.1-x64-TrackPopupMenu-Privilege-Escalation.html http://secunia.com/advisories/60970 https://www.exploit-db.com/exploits/37064/ http://www.securityfocus.com/bid/70364 http://osvdb.org/show/osvdb/113167 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-058 https://www.exploit-db.com/exploits/39666/ http://www.exploit-db.com/exploits/35101 https://github.com/sam-b/CVE-2014-4113 http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vulnerability-cve-2014-4113/

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-05-04 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms14_058_track_popup_menu.rb 2025-04-29 11:01:41 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ms14_058_track_popup_menu

Type: metasploit • Created: Unknown

Metasploit module for CVE-2014-4113

sam-b/CVE-2014-4113

Type: github • Created: 2016-02-07 14:18:45 UTC • Stars: 42

Trigger and exploit code for CVE-2014-4113

nsxz/Exploit-CVE-2014-4113

Type: github • Created: 2016-01-22 07:05:52 UTC • Stars: 5

Exploit CVE-2014-4113

johnjohnsp1/CVE-2014-4113

Type: github • Created: 2014-11-19 04:26:33 UTC • Stars: 3

PowerShell CVE-2014-4113

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Metasploit