certfr_avis - certa-2011-avi-441

CERTA-2011-AVI-441

Vulnerability from certfr_avis

Un vulnérabilité permettant à une personne malintentionnée d'effectuer un déni de service distant a été découverte dans le protocole Bureau à distance (RDP) de Windows.

Description

Une vulnérabilité existe dans le protocole Bureau à distance de Windows. Elle permet à une personne malintentionnée de causer un déni de service à distance grâce à l'envoi de paquets RDP spécialement conçus.

Cette faille est d'ores et déjà utilisée dans le cadre d'attaques ciblées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2003 Édition x64 Service Pack 2 ;
Microsoft	Windows	Windows XP Professionnel Édition x64 Service Pack 2 ;
Microsoft	Windows	Windows Server 2003 avec SP2 pour systèmes Itanium.
Microsoft	Windows	Windows XP Service Pack 3 ;
Microsoft	Windows	Windows Server 2003 Service Pack 2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS-11-065 du 09 août 2011	None	vendor-advisory
Bulletin de sécurité Microsoft MS11-065 du 09 août 2011 :	-	other
Bulletin de sécurité Microsoft MS11-065 du 09 août 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2003 \u00c9dition x64 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Professionnel \u00c9dition x64 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 avec SP2 pour syst\u00e8mes Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Service Pack 3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 existe dans le protocole Bureau \u00e0 distance de Windows.\nElle permet \u00e0 une personne malintentionn\u00e9e de causer un d\u00e9ni de service\n\u00e0 distance gr\u00e2ce \u00e0 l\u0027envoi de paquets RDP sp\u00e9cialement con\u00e7us.\n\nCette faille est d\u0027ores et d\u00e9j\u00e0 utilis\u00e9e dans le cadre d\u0027attaques\ncibl\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1968"
    }
  ],
  "initial_release_date": "2011-08-10T00:00:00",
  "last_revision_date": "2011-08-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-065 du 09 ao\u00fbt 2011 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS11-065.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-065 du 09 ao\u00fbt 2011 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-065.mspx"
    }
  ],
  "reference": "CERTA-2011-AVI-441",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Un vuln\u00e9rabilit\u00e9 permettant \u00e0 une personne malintentionn\u00e9e d\u0027effectuer\nun d\u00e9ni de service distant a \u00e9t\u00e9 d\u00e9couverte dans le protocole \u003cspan\nclass=\"textit\"\u003eBureau \u00e0 distance\u003c/span\u003e (RDP) de \u003cspan\nclass=\"textit\"\u003eWindows\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la protocole RDP de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS-11-065 du 09 ao\u00fbt 2011",
      "url": null
    }
  ]
}

CVE-2011-1968 (GCVE-0-2011-1968)

Vulnerability from cvelistv5

Published

2011-08-10 21:16

Modified

2024-08-06 22:46

Severity ?

CWE

Summary

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."

References

URL

Tags

	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12806	vdb-entry, signature, x_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-065	vendor-advisory, x_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA11-221A.html	third-party-advisory, x_refsource_CERT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:12806",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12806"
          },
          {
            "name": "MS11-065",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-065"
          },
          {
            "name": "TA11-221A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka \"Remote Desktop Protocol Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:12806",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12806"
        },
        {
          "name": "MS11-065",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-065"
        },
        {
          "name": "TA11-221A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka \"Remote Desktop Protocol Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:12806",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12806"
            },
            {
              "name": "MS11-065",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-065"
            },
            {
              "name": "TA11-221A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1968",
    "datePublished": "2011-08-10T21:16:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2011-AVI-441

Vulnerability from certfr_avis

Description

Solution

CVE-2011-1968 (GCVE-0-2011-1968)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature