Vulnerability Name: CVE-2011-5046 (CCN-71873) Assigned: 2011-12-18 Published: 2011-12-18 Updated: 2019-02-26 Summary: The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2011-5046 77908 Microsoft Windows win32k.sys Memory Corruption Vulnerability 47237 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653) Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) Vulnerability in Windows Components Could Allow Remote Code Execution (2848295) Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) http://twitter.com/w3bd3vil/statuses/148454992989261824 Microsoft Windows 18275 Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote Memory Corruption Microsoft Windows 'win32k.sys' Remote Memory Corruption Vulnerability 1026450 TA12-045A MS12-008 ms-win32k-iframe-code-exec(71873) ms-win32k-iframe-code-exec(71873) oval:org.mitre.oval:def:14603 EDB-ID: 18275 Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:*:sp1:x86:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:itanium:* OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:x64:* OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista::sp2:~~~~x64~:*:*:*:*:* OR cpe:/o:microsoft:windows_vista::sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:::x32:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7::sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* Oval Definitions BACK
microsoft windows server 2008 * sp2
microsoft windows server 2008 r2
microsoft windows server 2008 r2 sp1
microsoft windows 7 * sp1
microsoft windows server 2003 * sp2
microsoft windows vista * sp2
microsoft windows xp * sp2
microsoft windows xp * sp3
microsoft windows server_2003
microsoft windows server_2003
microsoft windows server_2003
microsoft windows xp sp2
microsoft windows server 2008 -
microsoft windows xp sp3
microsoft windows vista sp2
microsoft windows vista sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows 7
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows server 2008
microsoft windows 7 sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
Denotes that component is vulnerable