CVE-2011-0671

Description

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."

PUBLISHED Reserved 2011-01-28 | Published 2011-04-13 | Updated 2024-10-17 | Assigner microsoft

References

oval.cisecurity.org/...inition/oval:org.mitre.oval:def:11942 (oval:org.mitre.oval:def:11942) vdb-entry signature

osvdb.org/71745 (71745) vdb-entry

www.us-cert.gov/cas/techalerts/TA11-102A.html (TA11-102A) third-party-advisory

docs.microsoft.com/...pdates/securitybulletins/2011/ms11-034 (MS11-034) vendor-advisory

www.vupen.com/english/advisories/2011/0952 (ADV-2011-0952) vdb-entry

exchange.xforce.ibmcloud.com/vulnerabilities/66400 (mswin-win32k-var6-priv-escalation(66400)) vdb-entry

www.securityfocus.com/bid/47206 (47206) vdb-entry

support.avaya.com/css/P8/documents/100133352

secunia.com/advisories/44156 (44156) third-party-advisory

blogs.technet.com/...rabilities-in-the-win32k-subsystem.aspx

www.securitytracker.com/id?1025345 (1025345) vdb-entry

cve.org (CVE-2011-0671)

nvd.nist.gov (CVE-2011-0671)

Download JSON