Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:951982
HistoryNov 08, 2011 - 12:00 a.m.

Microsoft Windows UDP packet parsing vulnerability

2011-11-0800:00:00
www.kb.cert.org
20

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.191

Percentile

96.4%

JSON

Overview

A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service.

Description

Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a vulnerability when processing a continuous flow of specially crafted UDP packets, which results in an integer overflow.

Impact

Microsoft Security Bulletin MS11-083 states:

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

Apply an update
This issue is addressed in Microsoft Security Bulletin MS11-083.

Block unused UDP ports at the perimeter firewall

Microsoft is recommending states that blocking unused (closed) UDP ports at the perimeter firewall helps protect systems that are behind that firewall from attempts to exploit this vulnerability. Microsoft has additional information on tcp and udp port assignments their website.

Vendor Information

951982

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation Affected

Updated: November 08, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Microsoft Security Response Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-2013
Severity Metric: 20.66 Date Public:

Related

cve 1
prion 1
openvas 2
exploitdb 1
nvd 1
seebug 1
checkpoint_advisories 2
cvelist 1
nessus 1
securityvulns 1
cve
cve
CVE-2011-2013
2011-11-08 21:55:01
prion
prion
Integer overflow
2011-11-08 21:55:00
openvas
openvas
Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
2011-11-09 00:00:00
Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
2011-11-09 00:00:00
exploitdb
exploitdb
Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow (MS11-083)
2011-11-08 00:00:00
nvd
nvd
CVE-2011-2013
2011-11-08 21:55:01
seebug
seebug
Microsoft Windows TCP/IP引用计数溢出漏洞(MS11-083)
2011-11-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Web Servers UDP Flooding Denial of Service (CVE-2011-2013)
2011-12-06 00:00:00
Microsoft Windows TCP/IP Stack Reference Counter Overflow (MS11-083; CVE-2011-2013)
2011-12-06 00:00:00
cvelist
cvelist
CVE-2011-2013
2011-11-08 21:00:00
nessus
nessus
MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
2011-11-08 00:00:00
securityvulns
securityvulns
Microsoft Windows kernel UDP processing integer overflow
2011-11-09 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.191

Percentile

96.4%

JSON
Related for VU:951982
cve1prion1openvas2exploitdb1nvd1seebug1checkpoint_advisories2cvelist1nessus1securityvulns1