Oval Definition:oval:org.mitre.oval:def:12764
Revision Date:2012-04-16Version:46
Title:DNS NAPTR Query Vulnerability
Description:The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-1966
Platform(s):Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis
  • DNS role is enabled (Server 2008 or later)
  • AND Affected Software
  • Vulnerable Microsoft Windows Server 2008 x86/x64 SP2
  • Windows Server 2008 x86/x64 SP2
  • Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • AND GDR or LDR Service branch
  • The version of Dns.exe is less than 6.0.6002.18486
  • OR LDR
  • The version of Dns.exe is greater than or equal to 6.0.6002.22000
  • AND The version of Dns.exe is less than 6.0.6002.22665
  • OR Vulnerable Microsoft Windows Server 2008 R2 x64
  • Microsoft Windows Server 2008 R2 x64 Edition is installed
  • AND GDR or LDR Service branch
  • The version of Dns.exe is less than 6.1.7600.16840
  • OR LDR
  • The version of Dns.exe is greater than or equal to 6.1.7600.20000
  • AND The version of Dns.exe is less than 6.1.7600.20993
  • OR Vulnerable Microsoft Windows Server 2008 R2 x64 SP1
  • Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • AND GDR or LDR Service branch
  • The version of Dns.exe is less than 6.1.7601.17639
  • OR LDR
  • The version of Dns.exe is greater than or equal to 6.1.7601.21000
  • AND The version of Dns.exe is less than 6.1.7601.21754
    • BACK