Lucene search

K

[email protected]NVD:CVE-2011-0039

HistoryFeb 09, 2011 - 1:00 a.m.

CVE-2011-0039

2011-02-0901:00:08

CWE-287

[email protected]

web.nvd.nist.gov

3

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

38.8%

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka “LSASS Length Validation Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_2003_serversp2

OR

microsoftwindows_2003_serversp2itanium

OR

microsoftwindows_2003_serversp2x64

OR

microsoftwindows_xpsp3

OR

microsoftwindows_xpMatch-sp2x64

References

secunia.com/advisories/43253

www.securityfocus.com/bid/46152

www.securitytracker.com/id?1025049

www.vupen.com/english/advisories/2011/0327

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-014

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12537

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

38.8%

Related for NVD:CVE-2011-0039

prion1 cvelist1 cve1 openvas2 nessus1 checkpoint_advisories1 securityvulns1