Computer Security
[EN] securityvulns.ru

Microsoft Windows multiple security vulnerabilities
updated since 15.06.2011
Published: 19.06.2011
Source: MICROSOFT
SecurityVulns ID: 11730
Type: client
Level: 8/10
Description: Buffer overflow in WMF file parsing. Uninitialized pointers in OTF parsing. DFS memory corruptions. SMB client and server memory corruptions. afd.sys privilege escalation.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2011-1873 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability.")
 CVE-2011-1869 (The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability.")
 CVE-2011-1868 (The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability.")
 CVE-2011-1268 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability.")
 CVE-2011-1267 (The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability.")
 CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability.")
 CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability.")
Original document: VUPEN Security Research, VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038) (19.06.2011)
Files: Microsoft Security Bulletin MS11-038 - Critical Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
 Microsoft Security Bulletin MS11-041 - Critical Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
 Microsoft Security Bulletin MS11-042 - Critical Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
 Microsoft Security Bulletin MS11-043 - Critical Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
 Microsoft Security Bulletin MS11-046 - Important Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
 Microsoft Security Bulletin MS11-048 - Important Vulnerability in SMB Server Could Allow Denial of Service (2536275)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


