CVE-2011-1282 — HIGH (8.4) — White Hats Nepal

Vulnerability Description

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Windows 2003 Server	All versions
Microsoft	Windows 7	-
Microsoft	Windows Server 2003	All versions
Microsoft	Windows Server 2008	All versions
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions

Related Weaknesses (CWE)

CWE-119 CWE-476

References

FAQ

What is CVE-2011-1282?

CVE-2011-1282 is a vulnerability with a CVSS score of 8.4 (HIGH). The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and ...

How severe is CVE-2011-1282?

CVE-2011-1282 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1282?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.