Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-070.

Impact

Successful exploits will allow local attackers to execute arbitrary code with local system privileges and potentially compromise the affected computer. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-070

Insight

The flaw is caused by an error in the Windows Internet Name Service (WINS) when handling handling a series of malformed packets sent over the loopback interface, leading to arbitrary code execution with elevated privileges.

Affected

Microsoft Windows 2K3 Service Pack 2 and prior Microsoft Windows Server 2008 Service Pack 2 and prior

References

http://support.microsoft.com/kb/2571621
http://technet.microsoft.com/en-us/security/bulletin/ms11-070
http://www.coresecurity.com/content/ms-wins-ecommenddlg-input-validation
http://www.exploit-db.com/exploits/17831/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1984

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
Microsoft Excel Remote Code Execution Vulnerabilities (968557)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)

Take action and discover your vulnerabilities