Summary
This host is missing an important security update according to Microsoft Bulletin MS11-082.
Impact
Successful exploitation could allow remote attackers to cause the application to become unresponsive or to crash, denying service to legitimate users.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-082
Insight
Multiple flaws are due to input validation errors when processing certain requests can be exploited to trigger an infinite loop, corrupt memory and cause the snabase.exe, snaserver.exe, snalink.exe, or mngagent.exe process to stop responding via specially crafted requests sent to UDP port 1478 or TCP ports 1477 and 1478.
Affected
Microsoft Host Integration Server 2009/2010
Microsoft Host Integration Server 2006 SP1 and prior Microsoft Host Integration Server 2004 SP1 and prior
References
Severity
Classification
-
CVE CVE-2011-2007, CVE-2011-2008 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Microsoft Windows Active Directory Denial of Service Vulnerability (2853587)
- Microsoft SharePoint Server Excel Services RCE Vulnerability (2904244)
- Microsoft Office Security Feature Bypass Vulnerability (3033857)
- Microsoft DirectShow Elevation of Privileges Vulnerability (2975681)
- Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability