FKIE_CVE-2011-0670

Vulnerability from fkie_nvd - Published: 2011-04-13 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
References
secure@microsoft.comhttp://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx
secure@microsoft.comhttp://osvdb.org/71744
secure@microsoft.comhttp://secunia.com/advisories/44156
secure@microsoft.comhttp://support.avaya.com/css/P8/documents/100133352
secure@microsoft.comhttp://www.securityfocus.com/bid/47205
secure@microsoft.comhttp://www.securitytracker.com/id?1025345
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA11-102A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2011/0952
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66399
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12337
af854a3a-2127-422b-91ae-364da2661108http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/71744
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44156
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/css/P8/documents/100133352
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47205
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025345
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA11-102A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0952
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/66399
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12337
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_7 -
microsoft windows_7 -
microsoft windows_7 -
microsoft windows_server_2003 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 -
microsoft windows_server_2008 r2
microsoft windows_server_2008 r2
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
              "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en win32k.sys en los controladores de kernel-mode  en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, R2 y R2 SP1, y Windows 7 Gold y SP1, permite a atacantes locales producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario mediante la utilizaci\u00f3n de una aplicaci\u00f3n manipulada que desencadena un manejo err\u00f3neo de los objetos tipo driver, es una vulnerabilidad diferente de otras \"Vulnerabilidades tipo 1\" CVEs enumerados en MS11 - 034, tambi\u00e9n conocido como \" Win32k vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n \""
    }
  ],
  "id": "CVE-2011-0670",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-13T18:55:01.657",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/71744"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/44156"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://support.avaya.com/css/P8/documents/100133352"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/47205"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025345"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2011/0952"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66399"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/71744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100133352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12337"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.