Vulnerability Details : CVE-2011-0039
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
Vulnerability category: BypassGain privilege
Products affected by CVE-2011-0039
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0039
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2011-0039
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0039
-
http://www.securitytracker.com/id?1025049
Microsoft Local Security Authority Subsystem Service (LSASS) Lets Local Users Gain Elevated Privileges - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-014
Microsoft Security Bulletin MS11-014 - Important | Microsoft Docs
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12537
Repository / Oval Repository
-
http://www.securityfocus.com/bid/46152
Microsoft Windows LSASS Length Validation Local Privilege Escalation Vulnerability
-
http://www.vupen.com/english/advisories/2011/0327
Webmail | OVH- OVHVendor Advisory
Jump to