CVE-2011-1968

2011-08-1021:55:01

CWE-399

microsoft

web.nvd.nist.gov

cve-2011-1968

remote desktop protocol

rdp

denial of service

vulnerability

microsoft windows xp

windows server 2003

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.6

Confidence

High

EPSS

0.964

Percentile

99.6%

JSON

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka “Remote Desktop Protocol Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_2003_serversp2

microsoftwindows_server_2003sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

VendorProductVersionCPE
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
microsoft	windows_xp	-	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*