Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows DNS server security vulnerabilities
Published:10.08.2011
Source:
SecurityVulns ID:11840
Type:remote
Threat Level:
7/10
Description:Memory corruption on NAPTR record handling, uninitialized memory access on non-existent domain lookup.
Affected:MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2011-1970 (The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability.")
 CVE-2011-1966 (The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability.")
Files:Microsoft Security Bulletin MS11-058 - Critical Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod