Executive Summary
Summary | |
---|---|
Title | Microsoft Windows browser election message kernel pool overflow |
Information | |||
---|---|---|---|
Name | VU#323172 | First vendor Publication | 2011-02-16 |
Vendor | VU-CERT | Last vendor Modification | 2011-04-15 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
CVSS vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
CVSS Base Score | 10 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#323172

Microsoft Windows browser election message kernel pool overflow

Overview

A vulnerability exists in the way the Microsoft Windows browser service handles Browser Election messages.

I. Description

From Description of the Microsoft Computer Browser Service:

"The browser service maintains a list of the domain name or workgroup name the computer is in, and the protocol being used for each computer on the network segment being served by the computer running the browser service. On each network segment, a master browser is elected from the group of computers located on the segment that are running the browser service."

Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS11-019.

References

http://www.microsoft.com/technet/security/bulletin/MS11-019.mspx

This document was written by David Warren.
Original Source
Url : http://www.kb.cert.org/vuls/id/323172 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12637 | |||
Oval ID: | oval:org.mitre.oval:def:12637 | ||
Title: | Browser Pool Corruption Vulnerability | ||
Description: | Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0654 | Version: | 8 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 4 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455) File : nvt/secpod_ms11-019.nasl |
2011-02-18 | Name : Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vuln... File : nvt/gb_ms_windows2k3_active_directory_bof_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71773 | Microsoft Windows Common Internet File System (CIFS) Malformed Browser Messag... Microsoft Windows is prone to an overflow condition. The 'BowserWriteErrorLogEntry' function in the CIFS browser service in 'Mrxsmb.sys' or 'bowser.sys' in Active Directory fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted BROWSER ELECTION message, a remote attacker can potentially execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows 2003 browser election remote heap overflow attempt RuleID : 18994 - Revision : 8 - Type : OS-WINDOWS |
2015-05-28 | Common Internet File System Browser Protocol BowserWriteErrorLogEntry RuleID : 18653 - Revision : 4 - Type : NETBIOS |
2014-01-10 | Microsoft Windows 2003 browser election remote heap overflow attempt RuleID : 18462 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : Arbitrary code can be executed on the remote host through the installed SMB c... File : smb_nt_ms11-019.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-05-08 13:28:01 | |
2013-05-11 00:57:01 | |