Summary
This host is missing an important security update according to Microsoft Bulletin MS11-082.
Impact
Successful exploitation could allow remote attackers to cause the application to become unresponsive or to crash, denying service to legitimate users.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-082
Insight
Multiple flaws are due to input validation errors when processing certain requests can be exploited to trigger an infinite loop, corrupt memory and cause the snabase.exe, snaserver.exe, snalink.exe, or mngagent.exe process to stop responding via specially crafted requests sent to UDP port 1478 or TCP ports 1477 and 1478.
Affected
Microsoft Host Integration Server 2009/2010
Microsoft Host Integration Server 2006 SP1 and prior Microsoft Host Integration Server 2004 SP1 and prior
References
Severity
Classification
-
CVE CVE-2011-2007, CVE-2011-2008 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Microsoft Windows Media Center Remote Code Execution Vulnerability (2978742)
- Microsoft SharePoint Foundation Privilege Elevation Vulnerability (3000431)
- Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
- Microsoft Windows Active Directory Denial of Service Vulnerability (2853587)
- Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)