This whitepaper takes a closer look at a zero day attack that performs a privilege escalation to run commands in the system, which normally would be restricted because of the access level of the logged in user account. The particular vulnerability used in this case is “MS11-046: Vulnerability in Windows AFD.sys” which is a kernel level arbitrary memory overwrite, that is, the attacker can replace the content of that particular memory address with any value that he desires.
You can download it from the following link: https://packetstormsecurity.com/files/download/111658/dissecting-ohday.pdf
Source: https://packetstormsecurity.com/files/111658/MS11-046-Dissecting-A-0-Day.html