CVE-2011-0045

high

Description

The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011

http://securityreason.com/securityalert/8110

https://exchange.xforce.ibmcloud.com/vulnerabilities/64926

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11996

http://support.avaya.com/css/P8/documents/100127248

http://www.securitytracker.com/id?1025046

http://www.vupen.com/english/advisories/2011/0324

http://www.zerodayinitiative.com/advisories/ZDI-11-064

Details

Source: Mitre, NVD

Published: 2011-02-09

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High