7.2

CVE-2011-1229

EPSS 0.75%
Published 13.04.2011 20:26:25
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2003 Server Version- Updatesp2

Microsoft ≫ Windows 7 Version-

Microsoft ≫ Windows 7 Version- Updatesp1

Microsoft ≫ Windows Server 2003 Version- Updatesp2

Microsoft ≫ Windows Server 2008 Version-

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformitanium

Microsoft ≫ Windows Server 2008 Versionr2 HwPlatformx64

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64

Microsoft ≫ Windows Vista Version- Updatesp1

Microsoft ≫ Windows Vista Version- Updatesp1 HwPlatformx64

Microsoft ≫ Windows Vista Version- Updatesp2

Microsoft ≫ Windows Vista Version- Updatesp2 HwPlatformx64

Microsoft ≫ Windows Xp Version- Updatesp2 HwPlatformx64

Microsoft ≫ Windows Xp Version- Updatesp3

Avaya ≫ Agent Access

Avaya ≫ Aura Conferencing Standard Edition Version6.0.0

Avaya ≫ Basic Call Management System Reporting Desktop

Avaya ≫ Call Management Server Supervisor

Avaya ≫ Callpilot Version >= 4.0.x <= 5.0.x

Avaya ≫ Callvisor Asai Lan

Avaya ≫ Communication Server 1000 Telephony Manager Version >= 3.0.0 <= 4.0.0

Avaya ≫ Computer Telephony

Avaya ≫ Contact Center Express

Avaya ≫ Customer Interaction Express

Avaya ≫ Enterprise Manager

Avaya ≫ Integrated Management

Avaya ≫ Interaction Center

Avaya ≫ Ip Agent

Avaya ≫ Ip Softphone

Avaya ≫ Meeting Exchange Version >= 5.0.0 <= 5.2.0

Avaya ≫ Messaging Application Server Version >= 4.0.x <= 5.2.x

Avaya ≫ Network Reporting

Avaya ≫ Octelaccess Server

Avaya ≫ Octeldesigner

Avaya ≫ Operational Analyst

Avaya ≫ Outbound Contact Management

Avaya ≫ Speech Access

Avaya ≫ Unified Communication Center

Avaya ≫ Unified Messenger

Avaya ≫ Visual Messenger

Avaya ≫ Visual Vector Client

Avaya ≫ Vpnmanager Console

Avaya ≫ Web Messenger

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.724

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Third Party Advisory

US Government Resource

http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx

Vendor Advisory

http://secunia.com/advisories/44156

Third Party Advisory

http://support.avaya.com/css/P8/documents/100133352

Third Party Advisory

http://www.securitytracker.com/id?1025345

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2011/0952

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034

Patch

Vendor Advisory

http://osvdb.org/71735

Broken Link

http://www.securityfocus.com/bid/47229

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/66411

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12503

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2011-1229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1229

EUVD