Vulnerabilities > CVE-2011-0676 - Unspecified vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
nessus
Summary
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 17 |
Msbulletin
bulletin_id | MS11-034 |
bulletin_url | |
date | 2011-04-12T00:00:00 |
impact | Elevation of Privilege |
knowledgebase_id | 2506223 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS11-034.NASL |
description | The remote host is running a version of the Windows kernel that is affected by the following types of vulnerabilities : - Several use-after-free vulnerabilities exist due to the way that Windows kernel-mode drivers manage kernel-mode driver objects. (CVE-2011-0662, CVE-2011-0665, CVE-2011-0666, CVE-2011-0667, CVE-2011-0670, CVE-2011-0671, CVE-2011-0672, CVE-2011-0674, CVE-2011-0675, CVE-2011-1234, CVE-2011-1235, CVE-2011-1236, CVE-2011-1237, CVE-2011-1238, CVE-2011-1239, CVE-2011-1240, CVE-2011-1241, CVE-2011-1242) - Several NULL pointer de-reference vulnerabilities exist due to the way that Windows kernel-mode drivers manage pointers to kernel-mode driver objects. (CVE-2011-0673, CVE-2011-0676, CVE-2011-0677, CVE-2011-1225, CVE-2011-1226, CVE-2011-1227, CVE-2011-1228, CVE-2011-1229, CVE-2011-1230, CVE-2011-1231, CVE-2011-1232, CVE-2011-1233) An attacker with local access to the affected system can exploit these issues to execute arbitrary code in kernel mode and take complete control of the affected system. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53391 |
published | 2011-04-13 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53391 |
title | MS11-034: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223) |
code |
|
Oval
accepted 2014-03-03T04:00:28.561-05:00 class vulnerability contributors name Josh Turpin organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Sharath S organization SecPod Technologies name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5954 comment Microsoft Windows 7 (32-bit) Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:12295 comment Microsoft Windows 7 x64 Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:12435 comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:12292 comment Microsoft Windows 7 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12627 comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:11590 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:12159 comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12567 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:12583
description win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." family windows id oval:org.mitre.oval:def:12416 status accepted submitted 2011-02-09T13:00:00 title Win32k Null Pointer De-reference Vulnerability (CVE-2011-0676) version 79 accepted 2011-05-30T04:00:36.239-04:00 class vulnerability contributors name Josh Turpin organization Symantec Corporation name Gary M. Catlin organization Telos name Dragos Prisaca organization Symantec Corporation name Sharath S organization SecPod Technologies name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5954 comment Microsoft Windows 7 (32-bit) Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:12295 comment Microsoft Windows 7 x64 Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:12435 comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:12292 comment Microsoft Windows 7 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12627 comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:11590 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 Release Candidate is installed oval oval:org.mitre.oval:def:12159 comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed oval oval:org.mitre.oval:def:12567 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:12583
description win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." family windows id oval:org.mitre.oval:def:12474 status deprecated submitted 2011-02-09T13:00:00 title DEPRECATED: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0676) version 77
References
- http://support.avaya.com/css/P8/documents/100133352
- http://www.securityfocus.com/bid/47220
- http://secunia.com/advisories/44156
- http://www.vupen.com/english/advisories/2011/0952
- http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx
- http://www.securitytracker.com/id?1025345
- http://www.us-cert.gov/cas/techalerts/TA11-102A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66405
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12474
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12416
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034