CVE-2011-1985 - Unspecified vulnerability in Microsoft products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 13 |
Exploit-Db
description | Win32k Null Pointer De-reference Vulnerability PoC (MS11-077). CVE-2011-1985. DoS exploit for Windows platform |
id | EDB-ID:18024 |
last seen | 2016-02-02 |
modified | 2011-10-23 |
published | 2011-10-23 |
reporter | KiDebug |
source | https://www.exploit-db.com/download/18024/ |
title | Win32k Null Pointer De-reference Vulnerability PoC MS11-077 |
Msbulletin
bulletin_id | MS11-077 |
bulletin_url | |
date | 2011-10-11T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2567053 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS11-077.NASL |
description | The remote host is running a version of the Windows kernel that is affected by the following vulnerabilities: - A NULL pointer dereference that could allow privilege escalation. (CVE-2011-1985) - A DoS caused by processing a specially crafted TrueType font file. (CVE-2011-2002) - A code execution vulnerability triggered by tricking a user into opening a specially crafted .fon font file. (CVE-2011-2003) - A use-after-free vulnerability that could allow privilege escalation. (CVE-2011-2011) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56451 |
published | 2011-10-11 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56451 |
title | MS11-077: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) |
Oval
accepted | 2013-05-06T04:01:10.456-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:12935 |
status | accepted |
submitted | 2011-10-11T13:00:00 |
title | Win32k Null Pointer De-reference Vulnerability |
version | 74 |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:23121 |
last seen | 2017-11-19 |
modified | 2011-10-24 |
published | 2011-10-24 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-23121 |
title | MS11-077 Win32k Null Pointer De-reference Vulnerability POC |

bulletinFamily | exploit |
description | BUGTRAQ ID: 49968 CVE ID: CVE-2011-1985 Microsoft Windows is a popular computer operating system. The Windows kernel has a local privilege escalation vulnerability in its implementation of Win32k.sys; a remote attacker can exploit this vulnerability to execute arbitrary code with kernel privileges, resulting in complete control of the affected computer. Microsoft Windows XP, Microsoft Windows Server, Microsoft Vista, Microsoft Windows 7. Vendor patch: Microsoft. Microsoft has released a security bulletin (MS11-077) and the corresponding patch for this issue: MS11-077: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) Link: http://www.microsoft.com/technet/security/bulletin/MS11-077.mspx |
id | SSV:20998 |
last seen | 2017-11-19 |
modified | 2011-10-12 |
published | 2011-10-12 |
reporter | Root |
title | Microsoft Windows Kernel Win32k.sys Local Privilege Escalation Vulnerability (MS11-077) (CVE-2011-1985) |