Vulnerabilities > CVE-2011-0638 - Configuration vulnerability in Microsoft Windows

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
microsoft
CWE-16
NVD
Published: 2011-01-25
Updated: 2017-09-19

Summary

Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

Vulnerable Configurations

Part Description Count
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Oval

accepted2015-08-10T04:00:15.174-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentMicrosoft Windows is installed
ovaloval:org.mitre.oval:def:7133
descriptionMicrosoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
familywindows
idoval:org.mitre.oval:def:12566
statusaccepted
submitted2011-02-25T14:33:46
titleMicrosoft Windows Human Interface Device (HID) driver is prone to security bypass vulnerability.
version27

References