ID CVE-2011-0673
Summary win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability." Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 12-10-2018 - 21:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-05-30T04:00:43.699-04:00
class vulnerability
contributors
name Josh Turpin
organization Symantec Corporation
definition_extensions
comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
description win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability."
family windows
id oval:org.mitre.oval:def:12546
status accepted
submitted 2011-02-09T13:00:00
title Win32k Null Pointer De-reference Vulnerability (CVE-2011-0673)
version 68
refmap via4
bid 47234
cert TA11-102A
confirm http://support.avaya.com/css/P8/documents/100133352
misc http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx
ms MS11-034
sectrack 1025345
secunia 44156
vupen ADV-2011-0952
xf mswin-win32k-var8-priv-escalation(66402)
Last major update 12-10-2018 - 21:59
Published 13-04-2011 - 20:26
Back to Top