CVE-2011-2013

CVSS 9.8 CRITICALEPSS 33.7%CWE-190

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 33.7%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado

Lifecycle

08 Nov 2011Public PoC

08 Nov 2011Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/36285unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13877 http://www.securitytracker.com/id?1026290