CVE-2011-0654
CVE-2011-0654
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 68.1%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
14 Feb 2011Public PoC
16 Feb 2011Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/16166unverifiedexploitdbwww.exploit-db.com/exploits/16166unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.htmlhttp://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspxhttp://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspxhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019http://secunia.com/advisories/43299https://exchange.xforce.ibmcloud.com/vulnerabilities/65376https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12637http://www.exploit-db.com/exploits/16166http://www.kb.cert.org/vuls/id/323172http://www.securityfocus.com/bid/46360http://www.securitytracker.com/id?1025328http://www.us-cert.gov/cas/techalerts/TA11-102A.html