Vulnerabilities > CVE-2011-2013 - Numeric Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 9 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Microsoft Windows TCP/IP Stack Reference Counter Integer Overflow Vulnerability. CVE-2011-2013. Dos exploit for windows platform |
id | EDB-ID:36285 |
last seen | 2016-02-04 |
modified | 2011-11-08 |
published | 2011-11-08 |
reporter | anonymous |
source | https://www.exploit-db.com/download/36285/ |
title | Microsoft Windows TCP/IP Stack Reference Counter Integer Overflow Vulnerability |
Msbulletin
bulletin_id | MS11-083 |
bulletin_url | |
date | 2011-11-08T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2588516 |
knowledgebase_url | |
severity | Critical |
title | Vulnerability in TCP/IP Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS11-083.NASL |
description | The TCP/IP stack in use on the remote Windows host is affected by an integer overflow vulnerability. Sending a continuous flow of specially crafted UDP packets to a closed port can result in arbitrary code execution in kernel mode. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56736 |
published | 2011-11-08 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56736 |
title | MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) |
code |
|
Oval
accepted | 2011-12-26T04:00:23.789-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:13877 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2011-11-08T13:00:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Reference Counter Overflow Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 43 |
Seebug
bulletinFamily | exploit |
description | CVE ID: CVE-2011-2013 Microsoft Windows是流行的计算机操作系统。 Microsoft Windows在TCP/IP协议栈的实现上存在安全漏洞,可被恶意用户利用控制受影响系统。 此漏洞源于在解析UDP报文时TCP/IP实现中存在的整数溢出错误,可通过发送到已关闭端口的一系列特制UDP报文利用此漏洞。 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS11-083)以及相应补丁: MS11-083:Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) 链接:http://www.microsoft.com/technet/security/bulletin/MS11-083 .asp |
id | SSV:23182 |
last seen | 2017-11-19 |
modified | 2011-11-09 |
published | 2011-11-09 |
reporter | Root |
title | Microsoft Windows TCP/IP引用计数溢出漏洞(MS11-083) |