| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.5 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Microsoft Windows. The impacted element is an unknown function of the component SMB Client. This manipulation as part of SMB Response causes input validation. This vulnerability appears as CVE-2011-1268. There is no available exploit. You should upgrade the affected component.
Details
A vulnerability was found in Microsoft Windows (Operating System) (affected version not known). It has been declared as very critical. Affected by this vulnerability is some unknown functionality of the component SMB Client. The manipulation as part of a SMB Response leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
The weakness was presented 06/14/2011 with Microsoft as MS11-043 as confirmed bulletin (Technet). It is possible to read the advisory at microsoft.com. This vulnerability is known as CVE-2011-1268 since 03/04/2011. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 03/19/2021).
The vulnerability scanner Nessus provides a plugin with the ID 55123 (MS11-043: Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90707 (Microsoft Windows SMB Client Remote Code Execution (MS11-043)).
Upgrading eliminates this vulnerability. Applying the patch MS11-043 is able to eliminate this problem. The bugfix is ready for download at microsoft.com. The best possible mitigation is suggested to be upgrading to the latest version. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 11303.
The vulnerability is also documented in the databases at Tenable (55123), SecurityFocus (BID 48184†), Secunia (SA44898†) and Vulnerability Center (SBV-31778†). See VDB-4362, VDB-4364, VDB-4361 and VDB-4367 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.5
VulDB Base Score: 10.0
VulDB Temp Score: 9.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 55123
Nessus Name: MS11-043: Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 900287
OpenVAS Name: Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: MS11-043
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
03/04/2011 🔍06/14/2011 🔍
06/14/2011 🔍
06/14/2011 🔍
06/14/2011 🔍
06/15/2011 🔍
06/15/2011 🔍
06/16/2011 🔍
06/20/2011 🔍
03/19/2021 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS11-043
Organization: Microsoft
Status: Confirmed
CVE: CVE-2011-1268 (🔍)
GCVE (CVE): GCVE-0-2011-1268
GCVE (VulDB): GCVE-100-4363
OVAL: 🔍
IAVM: 🔍
SecurityFocus: 48184 - Microsoft Windows Server Message Block Client Remote Code Execution Vulnerability
Secunia: 44898 - Microsoft Windows SMB Client Response Parsing Vulnerability, Highly Critical
Vulnerability Center: 31778 - [MS11-043] Microsoft Windows Remote Arbitrary Code Execution Vulnerability via a Crafted SMB Response, Critical
See also: 🔍
Entry
Created: 06/20/2011 02:00Updated: 03/19/2021 11:03
Changes: 06/20/2011 02:00 (85), 03/24/2017 07:55 (11), 03/19/2021 11:03 (3)
Complete: 🔍
Cache ID: 216:27A:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.