CVE-2011-1868

high

Description

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."

References

http://secunia.com/advisories/44894

http://www.securityfocus.com/bid/48180

http://www.securitytracker.com/id?1025639

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042

https://exchange.xforce.ibmcloud.com/vulnerabilities/67726

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11758

Details

Source: MITRE

Published: 2011-06-16

Updated: 2019-02-26

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH