Executive Summary

Summary
Title Vulnerability in WINS Could Allow Remote Code Execution (2524426)
Informations
Name MS11-035 First vendor Publication 2011-05-10
Vendor Microsoft Last vendor Modification 2011-05-10
Severity (Vendor) Critical Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.0 (May 10, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12724
 
Oval ID: oval:org.mitre.oval:def:12724
Title: WINS Service Failed Response Vulnerability
Description: WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1248
 Version: 7
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 5

ExploitDB Exploits

id Description
2011-09-13 MS WINS ECommEndDlg Input Validation Error
2011-09-13 Microsoft WINS Service <= 5.2.3790.4520 Memory Corruption

OpenVAS Exploits

Date Description
2011-10-21 Name : Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
File : nvt/gb_ms11-035_remote.nasl
2011-05-11 Name : Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
File : nvt/secpod_ms11-035.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
72234 Microsoft Windows WINS Service Failed Response Data Reuse Memory Corruption R...

A memory corruption flaw exists in Microsoft Windows. The Windows Internet Name Service reuses certain data structures which contain data controlled by the attacker when handling socket send exceptions, resulting in memory corruption. With a specially crafted replication packet, a remote attacker may cause a LeaveCriticalSection call to operate on a controlled memory location, allowing them to execute arbitrary code.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft WINS service oversize payload exploit attempt
RuleID : 18950 - Revision : 7 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2011-05-19 Name : Arbitrary code can be executed on the remote host through Microsoft Windows I...
File : wins_ms11-035.nasl - Type : ACT_GATHER_INFO
2011-05-10 Name : Arbitrary code can be executed on the remote host through Microsoft Windows I...
File : smb_nt_ms11-035.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:46:58
  • Multiple Updates
2014-01-19 21:30:40
  • Multiple Updates