Windows Server Message Block Parsing Error Lets Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Microsoft) > Windows Server Message Block

Vendors: Microsoft

Windows Server Message Block Parsing Error Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1025640

SecurityTracker URL: http://securitytracker.com/id/1025640

CVE Reference: CVE-2011-1268 (Links to External Site)

Updated: Aug 10 2011

Original Entry Date: Jun 14 2011

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs

Description: A vulnerability was reported in Windows Server Message Block. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted SMB data in response to a client-initiated SMB request to trigger a memory corruption error and execute arbitrary code on the target system. The code will run with user-level privileges.

Impact: A remote user can execute arbitrary code on the target system.

Solution: The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=492310D3-BBB4-4FFF-B5FE-3470C17E7681

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E10A4C3C-2EF8-4CFC-AC9B-4D97BFA79AC1

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2719E0FB-3CFD-47B2-906D-3E07B0E3C978

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=C962531E-F580-4195-989B-CF348CC96FA7

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=EA18A916-03CF-4EAC-BACC-CEB006491F24

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=A62EDFD8-9016-4BB5-BF48-885498FA0042

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=CB561BA6-AF4D-40CC-947C-923F9CCA9A7E

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=8AB9679E-6A69-4CA3-9210-7CA4FB1980C2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=22C63FC3-2C5A-4E50-9026-2E04A6E74210

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5BB889DE-8FF6-4587-8EF9-FFB13E8D60FD

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=19A15098-1754-4536-A9CA-FF07D16464B7

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=19A15098-1754-4536-A9CA-FF07D16464B7

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=B449F23E-B3DF-46E5-BFE3-98268D20AD54

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=B449F23E-B3DF-46E5-BFE3-98268D20AD54

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=06008192-3CAC-477B-A913-83EED39D8718

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=06008192-3CAC-477B-A913-83EED39D8718

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=93A32BD9-7E67-4ACE-8C45-116F91B032F9

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=93A32BD9-7E67-4ACE-8C45-116F91B032F9

A restart is required.

[Editor's note: On August 9, 2011, Microsoft re-released their Bulletin to reoffer the update on all supported operating systems because of a stability issue. Users that have already successfully updated their systems should reinstall this update.]

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-043.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-043.mspx (Links to External Site)

Cause: Access control error

Underlying OS:

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC