CVE-2011-5046

Exploit

EPSS 76.98%
Veröffentlicht 30.12.2011 19:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 7 Updatesp1 Editionx86

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Server 2008 Updatesp2

Microsoft ≫ Windows Server 2008 Versionr2

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	76.98%	0.989

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.us-cert.gov/cas/techalerts/TA12-045A.html

US Government Resource

http://osvdb.org/77908

http://secunia.com/advisories/47237

Vendor Advisory

http://twitter.com/w3bd3vil/statuses/148454992989261824

http://www.exploit-db.com/exploits/18275

Exploit

http://www.securitytracker.com/id?1026450

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-008

https://exchange.xforce.ibmcloud.com/vulnerabilities/71873

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14603

https://nvd.nist.gov/vuln/detail/CVE-2011-5046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-5046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-5046

EUVD