Vulnerability Details : CVE-2011-0654
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute codeDenial of service
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2011-0654
Probability of exploitation activity in the next 30 days: 95.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-0654
-
Microsoft Windows Browser Pool DoS
First seen: 2020-04-26auxiliary/dos/windows/smb/ms11_019_electbowserThis module exploits a denial of service flaw in the Microsoft Windows SMB service on versions of Windows Server 2003 that have been configured as a domain controller. By sending a specially crafted election request, an attacker can cause a pool overflow.
CVSS scores for CVE-2011-0654
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
nvd@nist.gov |
CWE ids for CVE-2011-0654
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0654
-
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://www.securitytracker.com/id?1025328
Windows Server Message Block Parsing Errors Let Remote Users Execute Arbitrary Code - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65376
Microsoft Windows Server CIFS code execution CVE-2011-0654 Vulnerability Report
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019
Microsoft Security Bulletin MS11-019 - Critical | Microsoft Docs
-
http://www.kb.cert.org/vuls/id/323172
VU#323172 - Microsoft Windows browser election message kernel pool overflowUS Government Resource
-
http://www.exploit-db.com/exploits/16166
Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow - Windows dos ExploitExploit
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12637
Repository / Oval Repository
-
http://www.vupen.com/english/advisories/2011/0938
Webmail | OVH- OVHVendor Advisory
-
http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx
Notes on exploitability of the recent Windows BROWSER protocol issue – Microsoft Security Response Center
-
http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx
Page not found - Microsoft Security
-
http://www.vupen.com/english/advisories/2011/0394
Webmail | OVH- OVHVendor Advisory
-
http://www.securityfocus.com/bid/46360
Microsoft Windows 'BROWSER ELECTION' Buffer Overflow VulnerabilityExploit
-
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html
Products affected by CVE-2011-0654
- cpe:2.3:o:microsoft:windows_2003_server:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:r2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*