Executive Summary
Summary | |
---|---|
Title | Vulnerability in SMB Server Could Allow Denial of Service (2536275) |
Informations | |||
---|---|---|---|
Name | MS11-048 | First vendor Publication | 2011-06-14 |
Vendor | Microsoft | Last vendor Modification | 2011-06-14 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (June 14, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS11-048.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12654 | |||
Oval ID: | oval:org.mitre.oval:def:12654 | ||
Title: | SMB Request Parsing Vulnerability | ||
Description: | The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1267 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-06-15 | Name : Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275) File : nvt/secpod_ms11-048.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72936 | Microsoft Windows Server Service Crafted SMB Request Parsing Remote DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-06-16 | IAVM : 2011-A-0078 - Microsoft Server Message Block (SMB) Denial of Service Vulnerability Severity : Category I - VMSKEY : V0028598 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Vista SMB2 zero length write attempt RuleID : 20132 - Revision : 4 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB2 zero length write attempt RuleID : 19191 - Revision : 7 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-06-15 | Name : The remote Windows host has a denial of service vulnerability. File : smb_nt_ms11-048.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:47:01 |
|
2014-01-19 21:30:41 |
|
2013-11-11 12:41:23 |
|