fkie_cve-2011-0086
Vulnerability from fkie_nvd
Published
2011-02-09 01:00
Modified
2024-11-21 01:23
Severity ?
Summary
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
References
secure@microsoft.comhttp://osvdb.org/70818
secure@microsoft.comhttp://secunia.com/advisories/43255
secure@microsoft.comhttp://www.securityfocus.com/bid/46141
secure@microsoft.comhttp://www.vupen.com/english/advisories/2011/0325Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12070
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/70818
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43255
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46141
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0325Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12070
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_7 *
microsoft windows_7 -
microsoft windows_server_2003 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 -
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista -
microsoft windows_xp *
microsoft windows_xp -


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
                     matchCriteriaId: "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D56B932B-9593-44E2-B610-E4EB2143EB21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E33796DB-4523-4F04-B564-ADF030553D51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                     matchCriteriaId: "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                     matchCriteriaId: "9CFB1A97-8042-4497-A45D-C014B5E240AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                     matchCriteriaId: "7F9C7616-658D-409D-8B53-AC00DC55602A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*",
                     matchCriteriaId: "B2B19826-5516-4899-9599-F95D0A03FBCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*",
                     matchCriteriaId: "4945F25F-2828-4D03-930B-A109BA73E00C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                     matchCriteriaId: "B8A32637-65EC-42C4-A892-0E599562527C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "FFF81F4B-7D92-4398-8658-84530FB8F518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                     matchCriteriaId: "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "0A0D2704-C058-420B-B368-372D1129E914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka \"Win32k Improper User Input Validation Vulnerability.\"",
      },
      {
         lang: "es",
         value: "win32k.sys en los controladores de modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, y R2 y Windows 7 no valida correctamente la entrada en modo de usuario, lo que permite a usuarios locales conseguir privilegios a través de una aplicación manipulada, también conocido como \"Win32k Improper User Input Validation Vulnerability.\"",
      },
   ],
   id: "CVE-2011-0086",
   lastModified: "2024-11-21T01:23:18.130",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-02-09T01:00:08.320",
   references: [
      {
         source: "secure@microsoft.com",
         url: "http://osvdb.org/70818",
      },
      {
         source: "secure@microsoft.com",
         url: "http://secunia.com/advisories/43255",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/bid/46141",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0325",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012",
      },
      {
         source: "secure@microsoft.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/70818",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/43255",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/46141",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0325",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12070",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.