Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Windows Search Vendors:   Microsoft
Windows Search Object Memory Handling Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1039792
SecurityTracker URL:
CVE Reference:   CVE-2017-11788   (Links to External Site)
Date:  Nov 14 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703, Windows Server, version 1709 (Server Core Installation)
Description:   A vulnerability was reported in Windows Search. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted messages to the target Windows Search service to trigger an object memory handling error and cause denial of service conditions.

This can also be exploited by a remote user via an SMB connection.

Lei Shi of Qihoo 360 Inc reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fix.

The Microsoft advisories are available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2008), Windows (2012), Windows (7), Windows (8), Windows (10), Windows (Vista)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC