ID CVE-2011-1886
Summary win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability." Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 12-10-2018 - 22:01)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2011-08-22T04:00:50.356-04:00
class vulnerability
contributors
name Dragos Prisaca
organization Symantec Corporation
definition_extensions
comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
description win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability."
family windows
id oval:org.mitre.oval:def:12778
status accepted
submitted 2011-07-12T13:00:00
title win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability (CVE-2011-1886)
version 69
refmap via4
bid 48607
cert TA11-193A
confirm http://support.avaya.com/css/P8/documents/100144947
ms MS11-054
osvdb 73791
sectrack 1025761
secunia 45186
vulnerable_product via4 cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Last major update 12-10-2018 - 22:01
Published 13-07-2011 - 23:55
Back to Top