Vulnerability & Exploit Database

Back to search

MS14-002 Microsoft Windows ndproxy.sys Local Privilege Escalation

This module exploits a flaw in the ndproxy.sys driver on Windows XP SP3 and Windows 2003 SP2 systems, exploited in the wild in November, 2013. The vulnerability exists while processing an IO Control Code 0x8fff23c8 or 0x8fff23cc, where user provided input is used to access an array unsafely, and the value is used to perform a call, leading to a NULL pointer dereference which is exploitable on both Windows XP and Windows 2003 systems. This module has been tested successfully on Windows XP SP3 and Windows 2003 SP2. In order to work the service "Routing and Remote Access" must be running on the target system.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • Unknown
  • ryujin
  • Shahin Ramezany
  • juan vazquez <juan.vazquez [at]>



  • Automatic
  • Windows XP SP3
  • Windows Server 2003 SP2


  • windows


  • x86



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/local/ms_ndproxy msf exploit(ms_ndproxy) > show targets ...targets... msf exploit(ms_ndproxy) > set TARGET <target-id> msf exploit(ms_ndproxy) > show options and set options... msf exploit(ms_ndproxy) > exploit

Related Vulnerabilities