Vulnerabilities > CVE-2011-1971 - Resource Management Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

CWE-399

nessus

NVD

Published: 2011-08-10

Updated: 2023-12-07

Summary

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows Server 2008 * Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 - Microsoft Windows 7 - Microsoft Windows Vista *	9

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Msbulletin

bulletin_id	MS11-068
bulletin_url
date	2011-08-09T00:00:00
impact	Denial of Service
knowledgebase_id	2556532
knowledgebase_url
severity	Moderate
title	Vulnerability in Windows Kernel Could Allow Denial of Service

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS11-068.NASL
description	The remote host is running a Windows kernel version that is affected by a denial of service vulnerability involving the code that handles parsing file metadata when browsing a folder. A remote attacker could exploit this issue by tricking a user into opening a folder containing a specially crafted file, resulting in a denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	55798
published	2011-08-09
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/55798
title	MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(55798); script_version("1.15"); script_cvs_date("Date: 2018/11/15 20:50:31"); script_cve_id("CVE-2011-1971"); script_bugtraq_id(48997); script_xref(name:"MSFT", value:"MS11-068"); script_xref(name:"IAVB", value:"2011-B-0104"); script_xref(name:"MSKB", value:"2556532"); script_name(english:"MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)"); script_summary(english:"Checks version of Ntoskrnl.exe"); script_set_attribute(attribute:"synopsis", value: "The Windows kernel is affected by a vulnerability that could result in a denial of service."); script_set_attribute(attribute:"description", value: "The remote host is running a Windows kernel version that is affected by a denial of service vulnerability involving the code that handles parsing file metadata when browsing a folder. A remote attacker could exploit this issue by tricking a user into opening a folder containing a specially crafted file, resulting in a denial of service."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-068"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/09"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS11-068'; kb = "2556532"; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( # Windows 7 / Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Ntoskrnl.exe", version:"6.1.7601.21755", min_version:"6.1.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Ntoskrnl.exe", version:"6.1.7601.17640", min_version:"6.1.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:0, file:"Ntoskrnl.exe", version:"6.1.7600.20994", min_version:"6.1.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:0, file:"Ntoskrnl.exe", version:"6.1.7600.16841", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # Vista / Windows Server 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntoskrnl.exe", version:"6.0.6002.22662", min_version:"6.0.6002.22000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntoskrnl.exe", version:"6.0.6002.18484", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2012-07-30T04:00:08.129-04:00

class

vulnerability

contributors

name Josh Turpin
organization Symantec Corporation
name Chandan S
organization SecPod Technologies

definition_extensions

comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
oval oval:org.mitre.oval:def:6124
comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:5594
comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
oval oval:org.mitre.oval:def:5653
comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:6216
comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:6150
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
oval oval:org.mitre.oval:def:12292
comment Microsoft Windows 7 x64 Service Pack 1 is installed
oval oval:org.mitre.oval:def:12627
comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
oval oval:org.mitre.oval:def:12567
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
oval oval:org.mitre.oval:def:12583

description

family

windows

oval:org.mitre.oval:def:12663

status

accepted

submitted

2011-08-09T13:00:00

title

Windows Kernel Metadata Parsing DOS Vulnerability

version

Seebug

bulletinFamily	exploit
description	Bugtraq ID: 48997 CVE ID：CVE-2011-1971 Microsoft Windows是一款流行的操作系统。在解析文件中的元数据信息时内核存在错误，可导致系统崩溃。要成功利用漏洞需要用户浏览器包含特制文件的文件夹(如浏览网络共享或WEB站点引用的网络共享) Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 Microsoft Windows Server 2008 R2 Itanium SP1 Microsoft Windows Server 2008 R2 Itanium Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for 32-bit Systems 厂商解决方案用户可参考如下供应商提供的安全公告获得补丁信息： http://www.microsoft.com/technet/security/Bulletin/MS11-068.mspx
id	SSV:20834
last seen	2017-11-19
modified	2011-08-10
published	2011-08-10
reporter	Root
title	Microsoft Windows Kernel CVE-2011-1971远程拒绝服务漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Msbulletin

Nessus

Oval

Seebug

References