Vulnerability Note VU#951982
Microsoft Windows UDP packet parsing vulnerability
A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service.
Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a vulnerability when processing a continuous flow of specially crafted UDP packets, which results in an integer overflow.
Microsoft Security Bulletin MS11-083 states:
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||08 Nov 2011|
CVSS Metrics (Learn More)
Thanks to Microsoft Security Response Center for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2011-2013
- Date Public: 08 Nov 2011
- Date First Published: 08 Nov 2011
- Date Last Updated: 08 Nov 2011
- Severity Metric: 20.66
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.