SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Windows Search Vendors:   Microsoft
Windows Search Object Memory Handling Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1039792
SecurityTracker URL:  http://securitytracker.com/id/1039792
CVE Reference:   CVE-2017-11788   (Links to External Site)
Date:  Nov 14 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703, Windows Server, version 1709 (Server Core Installation)
Description:   A vulnerability was reported in Windows Search. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted messages to the target Windows Search service to trigger an object memory handling error and cause denial of service conditions.

This can also be exploited by a remote user via an SMB connection.

Lei Shi of Qihoo 360 Inc reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fix.

The Microsoft advisories are available at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048952
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048956
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048953
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048954
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048955
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048957
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048958
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048959
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048960
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048961
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4047211
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4048962

Vendor URL:  portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2008), Windows (2012), Windows (7), Windows (8), Windows (10), Windows (Vista)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC