Executive Summary

Summary
Title Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
Informations
Name MS11-068 First vendor Publication 2011-08-09
Vendor Microsoft Last vendor Modification 2011-08-10
Severity (Vendor) Moderate Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.7 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Moderate

Revision Note: V1.1 (August 10, 2011): Revised the Server Core installation not affected notation for Windows Server 2008 and Windows Server 2008 R2 to clarify that the update will still be offered to systems installed using the Server Core installation option.

Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-068

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12663
 
Oval ID: oval:org.mitre.oval:def:12663
Title: Windows Kernel Metadata Parsing DOS Vulnerability
Description: The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1971
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3
Os 5
Os 1

OpenVAS Exploits

Date Description
2011-08-11 Name : Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
File : nvt/secpod_ms11-068.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74407 Microsoft Windows Kernel File Metadata Handling Remote DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-08-11 IAVM : 2011-B-0104 - Microsoft Windows Kernel Remote Denial of Service Vulnerability
Severity : Category II - VMSKEY : V0029745

Nessus® Vulnerability Scanner

Date Description
2011-08-09 Name : The Windows kernel is affected by a vulnerability that could result in a deni...
File : smb_nt_ms11-068.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-02-17 11:47:05
  • Multiple Updates
2013-11-11 12:41:24
  • Multiple Updates
2013-05-11 00:49:52
  • Multiple Updates