CVE-2011-1970

2011-08-1021:55:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-1970

microsoft

windows server

dns

memory corruption

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

Low

0.667 Medium

EPSS

Percentile

98.0%

JSON

The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka “DNS Uninitialized Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2003_serversp2

microsoftwindows_server_2003sp2

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Matchr2x64

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2008microsoft windows server 2008eqr2

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2