SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (Microsoft)  >   Windows Drivers Vendors:   Microsoft
Windows Kernel-Mode Drivers Memory Corruption Errors Let Remote Users Execute Arbitrary Code and Local Users Deny Service and Gain Elevated Privileges
SecurityTracker Alert ID:  1026165
SecurityTracker URL:  http://securitytracker.com/id/1026165
CVE Reference:   CVE-2011-1985, CVE-2011-2002, CVE-2011-2003, CVE-2011-2011   (Links to External Site)
Date:  Oct 11 2011
Impact:   Denial of service via local system, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
Description:   Several vulnerabilities were reported in Windows Kernel-Mode Drivers. A remote user cause arbitrary code to be executed on the target user's system. A local user can gain elevated privileges on the target system. A local user can cause denial of service conditions.

A local user can run a specially crafted application to trigger a null pointer dereference in Win32k.sys and execute arbitrary code with elevated privileges on 32-bit operating systems [CVE-2011-1985].

A remote user can create a specially crafted TrueType font file that, when processed by the target user via the Windows Explorer Details and Previews pane, will cause the target system to stop responding and restart [CVE-2011-2002].

A remote user can create a specially crafted '.fon' font file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code with kernel level privileges [CVE-2011-2003].

A local user can run a specially crafted application to trigger a use-after-free memory error in Win32k.sys and execute arbitrary code with kernel level privileges [CVE-2011-2011].

Andrei Lutas of BitDefender, Tarjei Mandt of Norman, Maik Wellmann, and Will Dorman of the CERT/CC reported these vulnerabilities.

Impact:   A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can gain kernel level privileges on the target system.

A local user can cause the target system to stop responding and restart.

Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=9157e677-ab3f-44b0-9735-192bc7421ba7

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=0f2444ac-61bd-47cf-9c1e-da86a2b0cfb5

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3bd62bf6-3400-4c03-95fe-148112b341e8

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=b73f4e87-9655-46d5-beb2-ea245dcd280d

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=a618cc19-5ebc-462e-a518-d9bfe41ed98e

Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=ff53d01b-97b7-40d2-af88-4978f1099a7c

Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=47322e11-f1cf-4f70-b939-8cac9bbfc2bc

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7c7498ee-eba4-44fd-8846-0b2e96c96705

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=40386742-f397-402e-8810-63d3d6ba12a6

Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3633402b-96cb-4f36-b137-d07d1baf28c7

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=9e40bc26-f77f-4b57-9b3d-9d053c19ac56

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=219554e6-eb5a-42d0-90c0-42b4d0772cfd

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=39bd4cfb-fe61-41b8-a5a2-73a9e720fc72

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=0d35c6d0-6d2d-42bf-a97f-4c5e01b1937e

A restart is required.

The Microsoft advisory is available at:

http://technet.microsoft.com/en-us/security/bulletin/ms11-077

Vendor URL:  technet.microsoft.com/en-us/security/bulletin/ms11-077 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC