Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2011-5046
Last Modified 19 Jul 2013 11:23:11
Published 30 Dec 2011 02:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5046

Summary

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Vista

  • Microsoft Windows XP


References

MISC - https://twitter.com/#!/w3bd3vil/status/148454992989261824

XF - ms-win32k-iframe-code-exec(71873)

EXPLOIT-DB - 18275

SECUNIA - 47237

OSVDB - 77908

MISC - http://twitter.com/w3bd3vil/statuses/148454992989261824

MS - MS12-008

SECTRACK - 1026450

CERT - TA12-045A

Related Patches

MS12-008 Security Update for Windows 7 (KB2660465)

MS12-008 Security Update for Windows Server 2008 (KB2660465)

MS12-008 Security Update for Windows Server 2003 (KB2660465)

MS12-008 Security Update for Windows Vista (KB2660465)

MS12-008 Security Update for Windows XP (KB2660465)

MS12-008 Security Update for Windows Vista for x64 (KB2660465)

MS12-008 Security Update for Windows Server 2003 x64 (KB2660465)

MS12-008 Security Update for Windows Server 2008 x64 (KB2660465)

MS12-008 Security Update for Windows 7 for x64 (KB2660465)

MS12-008 Security Update for Windows Server 2008 R2 x64 (KB2660465)


Last Updated: 27 May 2016 10:49:34