Vulnerability Details : CVE-2011-0654
Public exploit exists!
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2011-0654
- cpe:2.3:o:microsoft:windows_2003_server:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:r2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0654
95.88%
Probability of exploitation activity in the next 30 days
~100%
Percentile: the proportion of vulnerabilities that are scored at or below this score
Metasploit modules for CVE-2011-0654
-
Microsoft Windows Browser Pool DoS
First seen: 2020-04-26
auxiliary/dos/windows/smb/ms11_019_electbowser
This module exploits a denial of service flaw in the Microsoft Windows SMB service on versions of Windows Server 2003 that have been configured as a domain controller. By sending a specially crafted election request, an attacker can cause a pool overflow.
CVSS scores for CVE-2011-0654
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2011-0654
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0654
-
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)
-
http://www.securitytracker.com/id?1025328
Windows Server Message Block Parsing Errors Let Remote Users Execute Arbitrary Code - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65376
Microsoft Windows Server CIFS code execution CVE-2011-0654 Vulnerability Report
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019
Microsoft Security Bulletin MS11-019 - Critical | Microsoft Docs
-
http://www.kb.cert.org/vuls/id/323172
VU#323172 - Microsoft Windows browser election message kernel pool overflow (US Government Resource)
-
http://www.exploit-db.com/exploits/16166
Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow - Windows dos Exploit (Exploit)
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12637
Repository / Oval Repository
-
http://www.vupen.com/english/advisories/2011/0938
Webmail | OVH - OVH (Vendor Advisory)
-
http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx
Notes on exploitability of the recent Windows BROWSER protocol issue – Microsoft Security Response Center
-
http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx
Page not found - Microsoft Security
-
http://www.vupen.com/english/advisories/2011/0394
Webmail | OVH - OVH (Vendor Advisory)
-
http://www.securityfocus.com/bid/46360
Microsoft Windows 'BROWSER ELECTION' Buffer Overflow Vulnerability (Exploit)
-
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html