Vulnerabilities > CVE-2011-0638 - Configuration vulnerability in Microsoft Windows

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
CWE-16
NVD
Published: 2011-01-25
Updated: 2024-11-21

Summary

Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

Vulnerable Configurations

Part Description Count
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Oval

accepted2015-08-10T04:00:15.174-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentMicrosoft Windows is installed
ovaloval:org.mitre.oval:def:7133
descriptionMicrosoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
familywindows
idoval:org.mitre.oval:def:12566
statusaccepted
submitted2011-02-25T14:33:46
titleMicrosoft Windows Human Interface Device (HID) driver is prone to security bypass vulnerability.
version27

References