Vulnerability Details : CVE-2011-0657
Public exploit exists!
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
Vulnerability category: Input validationExecute code
Exploit prediction scoring system (EPSS) score for CVE-2011-0657
Probability of exploitation activity in the next 30 days: 78.62%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-0657
-
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Disclosure Date: 2011-04-12First seen: 2020-04-26auxiliary/dos/windows/llmnr/ms11_030_dnsapiThis module exploits a buffer underrun vulnerability in Microsoft's DNSAPI.dll as distributed with Windows Vista and later without KB2509553. By sending a specially crafted LLMNR query, containing a leading '.' character, an attacker can trigger stack exhaustion or
CVSS scores for CVE-2011-0657
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2011-0657
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0657
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-030
Microsoft Security Bulletin MS11-030 - Critical | Microsoft Docs
-
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://www.securityfocus.com/bid/47242
Microsoft Windows CVE-2011-0657 DNS Resolution Remote Code Execution Vulnerability
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11902
Repository / Oval Repository
-
http://osvdb.org/71780
-
http://www.vupen.com/english/advisories/2011/0948
Webmail | OVH- OVH
-
http://secunia.com/advisories/44161
Sign in
-
http://www.securitytracker.com/id?1025332
Windows DNS Resolution LLMNR Processing Flaw Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges - SecurityTracker
Products affected by CVE-2011-0657
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*