SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Server Message Block Vendors:   Microsoft
Windows Server Message Block Parsing Errors Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1025328
SecurityTracker URL:  http://securitytracker.com/id/1025328
CVE Reference:   CVE-2011-0654, CVE-2011-0660   (Links to External Site)
Date:  Apr 12 2011
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
Description:   Two vulnerabilities were reported in Windows Server Message Block. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted Computer Browser message to trigger a parsing error in the target client's CIFS Browser Protocol implementation and execute arbitrary code on the target system [CVE-2011-0654]. The code will run with the System-level privileges.

A remote user can send a specially crafted SMB response to the connect client to trigger a parsing error and execute arbitrary code on the target system [CVE-2011-0660].

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=F5378E7B-4619-4C42-9D9F-87B209C6D878

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=C01441DA-8933-4F60-923B-D9B00DB8BA3D

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=D46FE0BF-28C2-4696-87BC-DD3C8287FC28

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=CA0FB4D3-7651-4760-83FA-B71C86CBE459

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=87EB8B93-9829-45EC-9528-52787732044E

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=DA8DD55D-6630-484E-836C-9FEEAB5CC311

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=040F8B46-F458-4A72-A1B0-AD8A65A1194C

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=F8C9390A-5CA1-492A-9E35-A516DE48DEB5

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=B0CFD5E0-6DE5-4863-B5E4-B223A0E36D72

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=8EAF51CD-2F6E-4BBC-BC4F-9DEED03649AC

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=0DCBA089-19F7-46CA-9E52-24EAEBAD4715

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=0DCBA089-19F7-46CA-9E52-24EAEBAD4715

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=B7FD356A-56D0-4638-8901-40ACFA600F25

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=B7FD356A-56D0-4638-8901-40ACFA600F25

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=27A3847B-695B-4F60-AEA5-86B0DBE68945

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=27A3847B-695B-4F60-AEA5-86B0DBE68945

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=1E7D3F21-BDBD-4826-855D-85422AA5F836

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=1E7D3F21-BDBD-4826-855D-85422AA5F836

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-019.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-019.mspx (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC