Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455) |
Information | |||
---|---|---|---|
Name | MS11-019 | First vendor Publication | 2011-04-12 |
Vendor | Microsoft | Last vendor Modification | 2011-04-13 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: V1.1 (April 13, 2011): Clarified the vulnerability description in the Executive Summary. Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS11-019.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11995 | |||
Oval ID: | oval:org.mitre.oval:def:11995 | ||
Title: | SMB Client Response Parsing Vulnerability | ||
Description: | The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0660 | Version: | 7 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:12637 | |||
Oval ID: | oval:org.mitre.oval:def:12637 | ||
Title: | Browser Pool Corruption Vulnerability | ||
Description: | Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0654 | Version: | 8 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455) File : nvt/secpod_ms11-019.nasl |
2011-02-18 | Name : Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vuln... File : nvt/gb_ms_windows2k3_active_directory_bof_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71773 | Microsoft Windows Common Internet File System (CIFS) Malformed Browser Messag... Microsoft Windows is prone to an overflow condition. The 'BowserWriteErrorLogEntry' function in the CIFS browser service in 'Mrxsmb.sys' or 'bowser.sys' in Active Directory fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted BROWSER ELECTION message, a remote attacker can potentially execute arbitrary code. |
71772 | Microsoft Windows SMB Client Response Parsing Unspecified Remote Code Execution Microsoft Windows contains a flaw related to the Microsoft Server Message Block's validation of SMB responses. This may allow a remote attacker to use a crafted SMB response to execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows 2003 browser election remote heap overflow attempt RuleID : 18994 - Revision : 8 - Type : OS-WINDOWS |
2015-05-28 | Microsoft SMB CIFS split response message overflow attempt RuleID : 18677 - Revision : 3 - Type : SPECIFIC-THREATS |
2015-05-28 | Common Internet File System Browser Protocol BowserWriteErrorLogEntry RuleID : 18653 - Revision : 4 - Type : NETBIOS |
2014-01-10 | Microsoft Windows 2003 browser election remote heap overflow attempt RuleID : 18462 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | SMB client TRANS response ring0 remote code execution attempt RuleID : 16531 - Revision : 11 - Type : NETBIOS |
Metasploit Database
Date | Description |
---|---|
2020-05-23 | Microsoft Windows Browser Pool DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : Arbitrary code can be executed on the remote host through the installed SMB c... File : smb_nt_ms11-019.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:13 | |
2016-03-06 13:24:49 | |
2016-03-06 09:24:50 | |
2015-05-28 21:26:37 | |
2014-02-17 11:46:54 | |
2014-01-19 21:30:38 | |